What is Apple’s Memory Integrity Enforcement, and why does it matter?


While you may have been distracted by Apple’s new product releases and interesting operating system enhancements, the company also quietly introduced a powerful new security feature this week: Memory Integrity Enforcement (MIE).

The tech, which is built into Apple’s latest iPhones, combines always-on protections at a chip level with software defenses against the most commonly exploited software vulnerabilities. In a blog post, the company said it believes MIE will “completely redefine the landscape of memory safety for Apple products.”

The idea is that it enforces memory safety: small coding mistakes that could otherwise be exploited to read or write data held in your computer’s memory can no longer be used to breach system security. In simple terms, it prevents hackers from exploiting software flaws that give access to memory.

This isn’t the only way attackers launch attacks, of course, but it is a frequently used approach that the iPhone now defends against.

A significant upgrade to memory safety

In a LinkedIn post, Apple’s genius Head of Security Engineering and Architecture, Ivan Krstić, wrote that MIE represents the culmination of half a decade of design and engineering effort in which Apple has combined Apple Silicon hardware design with operating system security. The result is an industry-first, always-on memory safety protection that does not compromise device performance.

“Because of how dramatically it reduces an attacker’s ability to exploit memory corruption vulnerabilities on our devices, we believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems,” he wrote.

Apple has tested the new tech against “exceptionally sophisticated mercenary spyware attacks from the last three years,” he wrote. As a result, Apple believes the protection will make it far, far more expensive and difficult to develop and maintain such attacks.

It’s a protection that disrupts many of the most effective exploitation techniques from the last 25 years, wrote Krstić. These are huge, huge claims. 

Will MIE come to the Mac?

Although the protection currently appears only in the latest iPhones, it seems reasonable to expect that it will also be introduced across Macs and other Apple devices in future as new processors are introduced.

I make that assumption because MIE quite evidently relies on both hardware (the processor) and software – and the new iPhones introduce new chips which, logically, will eventually in some form extend to Apple’s PCs and tablets.

How does MIE work?

In brief, the protection relies on both hardware and software, with key components including secure typed memory allocators, the Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and Tag Confidentiality Enforcement. What are these?

Secure typed memory allocators are Apple’s new memory-management system, which hardens memory handling at the hardware/software level.

Enhanced Memory Tagging Extension is Apple’s strengthened version of ARM’s Memory Tagging Extension (MTE). It assigns tags to chunks of memory and to every pointer to that memory so that, when an app accesses memory, the processor can check that the tags match. If they don’t, access is blocked.

Tag Confidentiality Enforcement keeps those randomized tag values secret and ensures that leaked data doesn’t include the values assigned to those tags.

These three technologies work together to block common memory attacks such as buffer overflows and use-after-free exploits, even at kernel level. This means that if malware tries to use a block of freed memory, attempts to brute-force a tag, or attempts to leak tag values, the tech prevents it. For a deeper dive into how the technology operates, I urge you to look at Apple’s own guidance.
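To make the tag-matching idea concrete, here is an added example that is not Apple’s code and not a description of EMTE’s real implementation. It is a small C simulation of a tagged heap: every 16-byte granule carries a 4-bit tag, every pointer carries the tag of the block it was handed out for, and each load or store is checked synchronously and refused if the tags disagree. The names (tag_alloc, tag_free, tag_store, tag_load), the heap size, the granule size, and the fixed random seed are all constructed for this example. Two scenarios show a linear overflow and a use-after-free being caught, and a third shows the caveat a practitioner should know: an overflow that stays inside the block’s own last granule is not detected, because tags are per granule rather than per byte, which is one reason a tagging scheme is paired with careful allocators.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of memory tagging in the style of MTE/EMTE (constructed for
 * illustration only). Each 16-byte granule of the simulated heap has a
 * 4-bit tag; each pointer carries a tag in its top bits. A load or store
 * is allowed only when the two tags match. */

#define GRANULE   16
#define HEAP_SIZE 4096
#define NGRAN     (HEAP_SIZE / GRANULE)
#define TAG_SHIFT 56
#define TAG_MASK  0xFULL

enum { MEM_OK = 0, MEM_TAG_FAULT = 1, MEM_OOB = 2 };

static uint8_t  heap[HEAP_SIZE];
static uint8_t  granule_tag[NGRAN];   /* 0 = never allocated */
static size_t   bump;                 /* bump allocator: next free byte offset */
static uint32_t rng_state = 12345u;   /* fixed seed so the demo is reproducible */
static int      fault_count;

/* Tiny LCG standing in for the hardware's random tag generator. */
static uint32_t rng(void) {
    rng_state = rng_state * 1664525u + 1013904223u;
    return rng_state >> 16;
}

/* Pick a tag in 1..15 that differs from `avoid` (a neighbour's or an old tag). */
static uint8_t fresh_tag(uint8_t avoid) {
    uint8_t t;
    do { t = (uint8_t)(rng() % 15 + 1); } while (t == avoid);
    return t;
}

static uint64_t make_ptr(size_t off, uint8_t tag) {
    return ((uint64_t)tag << TAG_SHIFT) | (uint64_t)off;
}
static uint8_t ptr_tag(uint64_t p) { return (uint8_t)((p >> TAG_SHIFT) & TAG_MASK); }
static size_t  ptr_off(uint64_t p) { return (size_t)(p & ((1ULL << TAG_SHIFT) - 1)); }

/* Allocate `size` bytes, rounded up to whole granules, all tagged alike. */
uint64_t tag_alloc(size_t size) {
    size_t n = (size + GRANULE - 1) / GRANULE;
    if (n == 0) n = 1;
    if (bump + n * GRANULE > HEAP_SIZE) return 0;
    uint8_t prev = bump ? granule_tag[bump / GRANULE - 1] : 0;
    uint8_t tag = fresh_tag(prev);        /* never equal to the left neighbour */
    for (size_t i = 0; i < n; i++) granule_tag[bump / GRANULE + i] = tag;
    uint64_t p = make_ptr(bump, tag);
    bump += n * GRANULE;
    return p;
}

/* Free: retag the block so a dangling pointer (old tag) no longer matches. */
void tag_free(uint64_t p, size_t size) {
    size_t n = (size + GRANULE - 1) / GRANULE;
    size_t g = ptr_off(p) / GRANULE;
    uint8_t nt = fresh_tag(granule_tag[g]);
    for (size_t i = 0; i < n && g + i < NGRAN; i++) granule_tag[g + i] = nt;
}

/* Synchronous check: the access succeeds or faults immediately. */
static int check(uint64_t p, size_t idx) {
    size_t off = ptr_off(p) + idx;
    if (off >= HEAP_SIZE) return MEM_OOB;
    if (granule_tag[off / GRANULE] != ptr_tag(p)) { fault_count++; return MEM_TAG_FAULT; }
    return MEM_OK;
}

int tag_store(uint64_t p, size_t idx, uint8_t v) {
    int r = check(p, idx);
    if (r == MEM_OK) heap[ptr_off(p) + idx] = v;
    return r;
}

int tag_load(uint64_t p, size_t idx, uint8_t *out) {
    int r = check(p, idx);
    if (r == MEM_OK) *out = heap[ptr_off(p) + idx];
    return r;
}

/* Scenario 1: write one byte past a 16-byte buffer into the next granule. */
int scenario_overflow(void) {
    uint64_t buf = tag_alloc(16);
    int in_bounds = tag_store(buf, 15, 0xAA);
    int overflow  = tag_store(buf, 16, 0xBB);
    return in_bounds == MEM_OK && overflow == MEM_TAG_FAULT;   /* 1 = caught */
}

/* Scenario 2: read through a dangling pointer after the block was freed. */
int scenario_uaf(void) {
    uint64_t obj = tag_alloc(32);
    tag_store(obj, 0, 0x41);
    tag_free(obj, 32);
    uint8_t v = 0;
    return tag_load(obj, 0, &v) == MEM_TAG_FAULT;               /* 1 = caught */
}

/* Caveat: 20 bytes requested, 32 tagged. A write at offset 24 lands in the
 * block's own padding, same granule, same tag, so it is NOT detected. */
int scenario_intra_granule_overflow(void) {
    uint64_t buf = tag_alloc(20);
    return tag_store(buf, 24, 0xCC) == MEM_OK;                   /* 1 = slipped through */
}

int faults_seen(void) { return fault_count; }

int main(void) {
    printf("linear overflow caught: %d\n", scenario_overflow());
    printf("use-after-free caught: %d\n", scenario_uaf());
    printf("intra-granule overflow undetected: %d\n", scenario_intra_granule_overflow());
    printf("synchronous tag faults raised: %d\n", faults_seen());
    return 0;
}
```

The synchronous check is the part that matters for defenders: the faulting access never completes, so a corrupted byte is never written and a freed object is never read. With only 16 possible tag values, an attacker who can learn or guess tags would still get through, which is why the article’s third component, keeping tag values confidential, is a necessary companion to the tagging itself.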

What this means to you

It’s important not to draw too many conclusions, but what is interesting here is that by managing both the hardware and the software, Apple can now promise robust and resilient security protection for even its most high-value iPhone customers.

If, as I expect, the company extends this protection to its other hardware products in the future, then it will be challenging to identify any good reason any enterprise professional handling confidential or regulated data would want to use any other platform, given how insecure those have proved themselves to be.

This protection should help protect against some of the world’s most frequently used attacks.

And this is a very, very good thing.

Follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.

What is Apple’s Memory Integrity Enforcement, and why does it matter? – Computerworld