Apple on Tuesday revealed a brand new safety characteristic known as Reminiscence Integrity Enforcement (MIE) that is constructed into its newly launched iPhone fashions, together with iPhone 17 and iPhone Air.
MIE, per the tech big, provides “always-on reminiscence security safety” throughout vital assault surfaces such because the kernel and over 70 userland processes with out sacrificing gadget efficiency by designing its A19 and A19 Professional chips maintaining this facet in thoughts.
“Reminiscence Integrity Enforcement is constructed on the sturdy basis supplied by our safe reminiscence allocators, coupled with Enhanced Reminiscence Tagging Extension (EMTE) in synchronous mode, and supported by intensive Tag Confidentiality Enforcement insurance policies,” the corporate famous.
The hassle is an purpose to enhance reminiscence security and forestall dangerous actors, particularly these leveraging mercenary spyware and adware, from weaponizing such flaws within the first place to interrupt into units as a part of highly-targeted assaults.
The know-how that underpins MIE is EMTE, an improved model of the Reminiscence Tagging Extension (MTE) specification launched by chipmaker Arm in 2019 to flag reminiscence corruption bugs both synchronously or asynchronously. EMTE was launched by Arm in 2022 following a collaboration with Apple.
It is price noting that Google’s Pixel units have already got assist for MTE as a developer possibility beginning with Android 13. Related reminiscence integrity options have additionally been launched by Microsoft in Home windows 11.
 |
| How MIE blocks use-after-free entry |
“The flexibility of MTE to detect reminiscence corruption exploitation on the first harmful entry is a major enchancment in diagnostic and potential safety effectiveness,” Google Undertaking Zero researcher Mark Model mentioned in October 2023, coinciding with the discharge of Pixel 8 and Pixel 8 Professional.
“The provision of MTE on a manufacturing handset for the primary time is a giant step ahead, and I believe there’s actual potential to make use of this know-how to make 0-day tougher.”
Apple mentioned MIE transforms MTE from a “useful debugging software” right into a groundbreaking new safety characteristic, providing safety safety towards two frequent vulnerability courses – buffer overflows and use-after-free bugs – that would end in reminiscence corruption.
 |
| How MIE blocks buffer overflows |
This basically includes blocking out-of-bounds requests to entry adjoining reminiscence that has a special tag, and retagging reminiscence because it will get reused for different functions after it has been freed and reallocated by the system. In consequence, requests to entry retagged reminiscence with an older tag (indicating use-after-free eventualities) additionally get blocked.
“A key weak point of the unique MTE specification is that entry to non-tagged reminiscence, akin to world variables, will not be checked by the {hardware},” Apple defined. “This implies attackers do not need to face as many defensive constraints when making an attempt to regulate core utility configuration and state.”
“With Enhanced MTE, we as an alternative specify that accessing non-tagged reminiscence from a tagged reminiscence area requires realizing that area’s tag, making it considerably tougher for attackers to show out-of-bounds bugs in dynamic tagged reminiscence right into a technique to sidestep EMTE by straight modifying non-tagged allocations.”
 |
| Enabling MTE on Google Pixel |
Cupertino mentioned it has additionally developed what it calls Tag Confidentiality Enforcement (TCE) to safe the implementation of reminiscence allocators towards side-channel and speculative execution assaults like TikTag that MTE was discovered prone to final 12 months, ensuing within the leak of an MTE tag related to an arbitrary reminiscence deal with by exploiting the truth that tag checks generate cache state variations throughout speculative execution.
“The meticulous planning and implementation of Reminiscence Integrity Enforcement made it potential to keep up synchronous tag checking for all of the demanding workloads of our platforms, delivering groundbreaking safety with minimal efficiency affect, whereas remaining fully invisible to customers,” it added.
