Apple’s new iPhones have a new security feature to stop spyware hackers

Macworld

Apple’s new iPhone Air, iPhone 17, and iPhone 17 Pro have an all-new way to protect devices against certain kinds of spyware attacks. It’s called Memory Integrity Enforcement (MIE) and Apple has been working on it for about five years, according to the Security Research blog post announcing the feature.

MIE requires new hardware (presumably present in the A19 processors) as well as new low-level operating system memory access systems. With MIE, it should be much harder for sophisticated spyware to crack into targeted iPhones.

Most types of widespread malware are fairly ineffective on iPhones already. Regular security updates, constrained app development and deployment, app signing, and a suite of robust hardware and software security features make it pretty hard to deploy malware that affects millions.

The real threat these days is what Apple calls “mercenary spyware.” This is highly sophisticated software, like the Pegasus attack, is aimed at using very niche exploits to spy on targeted individuals. It’s usually the product of state agencies—intelligence and law enforcement agencies around the world who want to spy on adversaries, suspects, and dissidents. These exploits are very expensive to develop and maintain, which is why they usually require government agency resources rather than those of small hacker groups.

These exploits usually rely on a bug that allows for memory to be corrupted. Common ones you may have heard of are “buffer overflows” or “use-after-free” vulnerabilities.

Memory Integrity Enforcement uses a combination of techniques to thwart these and other common corruption techniques. There’s the Enhanced Memory Tagging Extension as part of the ARM specification (which Apple forces into synchronous mode for tighter security, tag confidentiality enforcement policies, and Apple’s secure memory allocators.

If that all sounds like so much gobbledygook, then the bottom line is this: There is hardware in the new iPhone Air and iPhone 17 models that, combined with some OS updates, will make it vastly harder to produce the kinds of sophisticated state-sponsored and professional cracks used today.

Obviously no system is perfectly secure, but this should raise the bar quite a lot. It’s not clear whether this will make the new iPhones immune to the common law enforcement tools meant to access locked iPhones like GrayKey, Cellebrite’s UFED, or AXIOM, but it stands to reason they will be either less effective or completely ineffective.