The iPhone 17 series is here, and it brings some significant upgrades, both to the hardware and design. There's the new A19/A19 Pro chip, which promises close to 40% performance gains over the previous generation. There are camera improvements as well, including a new Center Stage feature. Besides the changes that are visible outside, there are also some underlying improvements. Apple has added a new memory security feature, called the Memory Integrity Enforcement (MIE), to its new iPhone 17 lineup. This is to offer protection against malware attacks.
Apple describes this as a "groundbreaking" new memory security feature and a comprehensive memory safety defence for Apple platforms. MIE (Memory Integrity Enforcement) targets spyware tools that exploit vulnerabilities to hack targeted devices. MIE provides comprehensive, always-on memory-safety protection covering key attack surfaces. This includes the kernel and over 70 userland processes. This is built on the Enhanced Memory Tagging Extension (EMTE).
Apple says that for the new A19 and A19 Pro chips to support Memory Integrity Enforcement, they've dedicated an "extraordinary" amount of Apple silicon resources to security. This includes CPU area, CPU speed, and memory for tag storage.
Apple has also added memory safety improvements for older hardware that doesn't support the new memory tagging feature. It is making EMTE available to all Apple developers in Xcode. This is a part of the new Enhanced Security feature that was released during WWDC this year.
Spectre Variant 1 (V1) is a speculative-execution vulnerability that allows attackers to exploit conditional branches to leak data, including MTE tag values. Apple notes that there has been no real solution to this because Spectre V1 mitigations have a prohibitive CPU cost. The approach now includes mitigation for Spectre V1 attacks, which, according to Apple, works with "virtually zero CPU cost."
Apple says that these developments make "mercenary spyware" significantly more expensive to develop and also present a challenge to the surveillance industry.