On Tuesday, Apple announced a cutting-edge security feature known as Memory Integrity Enforcement (MIE), which is integrated into its latest iPhone models, including the highly anticipated iPhone 17 and iPhone Air. This innovative technology provides an always-on memory safety protection system, targeting critical attack surfaces such as the kernel and over 70 userland processes. Apple has designed its new A19 and A19 Pro chips with a focus on ensuring that this robust security feature does not compromise device performance.
According to Apple, Memory Integrity Enforcement builds upon a strong foundation provided by secure memory allocators. This feature is further enhanced by the Enhanced Memory Tagging Extension (EMTE) in synchronous mode, which is backed by comprehensive Tag Confidentiality Enforcement policies. The primary goal of MIE is to bolster memory safety and prevent malicious actors, particularly those using mercenary spyware, from exploiting vulnerabilities to gain unauthorized access to devices during targeted attacks.
The technology that drives MIE, Enhanced Memory Tagging Extension (EMTE), is an advanced iteration of the Memory Tagging Extension (MTE) specification that was initially released by chipmaker Arm in 2019. EMTE was developed in collaboration with Apple and launched in 2022, facilitating the detection of memory corruption bugs either synchronously or asynchronously. Notably, Google's Pixel devices have already integrated MTE as a developer option starting with Android 13, while Microsoft has implemented similar memory integrity features in Windows 11.
One of the standout features of MIE is its ability to block memory corruption exploits such as use-after-free and buffer overflow vulnerabilities. According to Mark Brand, a researcher from Google Project Zero, the capacity of MTE to identify memory corruption at the first critical access point represents a significant leap forward in both diagnostics and security effectiveness. The introduction of MIE transforms MTE from a useful debugging tool into a groundbreaking security feature, making it harder for malicious entities to exploit zero-day vulnerabilities.
MIE prevents linear buffer overflows because an out-of-bounds access into adjacent memory carries a tag that does not match the tag of the neighbouring allocation, so the access is refused. It also retags memory when it is reused after being freed and reallocated, so an access through an outdated pointer whose tag no longer matches, the signature of a use-after-free, is denied as well. A known limitation of the original MTE specification was that accesses to non-tagged memory, such as global variables, were not checked, which gave attackers a way around many of its constraints. With the enhanced MTE, Apple specifies that accessing non-tagged memory from a tagged region requires knowledge of the region's tag, which makes out-of-bounds bugs considerably harder to exploit.
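A constructed model of the two checks just described, added here as an illustration and not Apple's or Arm's code: it assumes 16-byte granules, a 4-bit tag per granule kept in a side table, the pointer's tag in the top byte of the address, and a deliberately tiny one-slot free list. The overflow and the use-after-free are each refused because the pointer's tag no longer matches the granule's tag.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed model of MTE-style tag checking (not Apple's code): 16-byte
 * granules, a 4-bit tag per granule in a side table, and the pointer's tag
 * carried in bits 56..59 of the address, as with AArch64 top-byte-ignore. */
enum { GRANULE = 16, NGRANULES = 64, TAG_SHIFT = 56 };
#define ADDR_MASK 0x00FFFFFFFFFFFFFFULL
static uint8_t granule_tag[NGRANULES];  /* 0 = untagged, 1..15 = tagged */
static size_t next_granule, free_start, free_count; /* bump ptr, 1-slot free list */
static uint8_t next_tag = 1;

/* Allocate n bytes, reusing the freed region (retagged) before bumping;
 * consecutive allocations always receive different tags. */
uint64_t tagged_alloc(size_t n) {
    size_t g = (n + GRANULE - 1) / GRANULE, start;
    if (free_count >= g) { start = free_start; free_count = 0; }
    else { start = next_granule; next_granule += g; }
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);       /* cycle through 1..15 */
    for (size_t i = 0; i < g; i++) granule_tag[start + i] = tag;
    return ((uint64_t)tag << TAG_SHIFT) | (uint64_t)(start * GRANULE);
}

void tagged_free(uint64_t p, size_t n) {
    free_start = (size_t)(p & ADDR_MASK) / GRANULE;
    free_count = (n + GRANULE - 1) / GRANULE;
}

/* Tag check for a byte access at p+off: 0 on match, -1 for the synchronous
 * fault MIE raises when the pointer's tag and the granule's tag differ. */
int checked_access(uint64_t p, size_t off) {
    size_t addr = (size_t)(p & ADDR_MASK) + off;
    uint8_t ptag = (uint8_t)(p >> TAG_SHIFT) & 0xF;
    if (addr >= NGRANULES * GRANULE) return -1;
    return granule_tag[addr / GRANULE] == ptag ? 0 : -1;
}
/* Linear overflow: byte 15 of a 16-byte buffer is in bounds, byte 16 is in
 * the neighbour's granule with a different tag. Returns 1 if both hold. */
int demo_overflow(void) {
    uint64_t a = tagged_alloc(16); tagged_alloc(16);  /* a and its neighbour */
    return checked_access(a, 15) == 0 && checked_access(a, 16) == -1;
}
/* Use-after-free: reallocation retags the region, so the stale pointer p
 * is refused while the live pointer q is accepted. Returns 1 if so. */
int demo_uaf(void) {
    uint64_t p = tagged_alloc(32); tagged_free(p, 32);
    uint64_t q = tagged_alloc(32);                   /* same granules, new tag */
    return checked_access(p, 0) == -1 && checked_access(q, 0) == 0;
}
```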
In addition to MIE, Apple has introduced Tag Confidentiality Enforcement (TCE). This feature is designed to protect the memory allocators from side-channel and speculative execution attacks, such as the TikTag vulnerability that was identified last year. TCE addresses the risk that cache-state differences created during speculative execution could leak the MTE tag associated with an arbitrary memory address. Apple emphasizes that the meticulous design and implementation of Memory Integrity Enforcement allow for synchronous tag checking across demanding workloads, providing robust security with minimal impact on performance, all while remaining completely invisible to users.