Apple's New Memory Integrity Enforcement for iPhone

that_guy

Earlier today Apple introduced this year's roundup of new iStuff but I thought this simultaneous press release was interesting: https://security.apple.com/blog/memory-integrity-enforcement/

Today we’re introducing the culmination of this effort: Memory Integrity Enforcement (MIE), our comprehensive memory safety defense for Apple platforms. Memory Integrity Enforcement is built on the robust foundation provided by our secure memory allocators, coupled with Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and supported by extensive Tag Confidentiality Enforcement policies.

<snip>

With the introduction of the iPhone 17 lineup and iPhone Air, we’re excited to deliver Memory Integrity Enforcement: the industry’s first ever, comprehensive, always-on memory-safety protection covering key attack surfaces...

I think we know who's had "always-on memory-safety protection covering key attack surfaces" for awhile now <ahem> but of course Apple will probably be hailed as groundbreaking by the industry. Just thought this was interesting and tangentially relevant to GrapheneOS.

de0u

that_guy Thanks for posting that.

It looks like a genuine improvement, and if so it will help a lot of people as they buy a new device with the improvements (there are a lot of iPhone users). Similarly, I think I've read that Qualcomm is rolling out MTE, which will help a lot of users. There are a lot of phone users who don't and won't have a Pixel.

Franckienogotobollywood

that_guy The difference with Google is that Apple activates MIE by default for all layers of devices. I'm not an expert in the field at all but I think it's a very good thing to have activated it

DeletedUser449

Hopefully this will be added to M5 devices as well. Probably not Macs, but maybe iPad Pros?

fallenatas

Is EMTE a open resolution? Is it stronger than MTE on Pixels?

GrapheneOS

fallenatas EMTE is the name for FEAT_MTE4 which will be available for use by GrapheneOS once newer Cortex cores and other cores come out with the new ARM MTE features. The same goes for side channel fixes which are not limited to MTE and Apple has plenty of CPU side channel issues themselves. Apple has in fact had far more severe issues with CPU side channels than Cortex.

Wadder

GOS have spoken about Apple's approach to memory tagging via Mastodon (see the link below)

https://grapheneos.social/@GrapheneOS/115177834537816512