Apple has added a "groundbreaking" new memory security feature to its new iPhone 17 lineup called Memory Integrity Enforcement (MIE), which the company describes as "the most significant upgrade to memory safety in the history of consumer operating systems."


The new security feature targets spyware tools like Pegasus that exploit vulnerabilities to hack targeted devices. According to Apple, MIE provides comprehensive, always-on memory-safety protection covering the kernel and over 70 userland processes, built on the Enhanced Memory Tagging Extension (EMTE).

The new feature is supported by the new A19 and A19 Pro chips found across the iPhone 17 lineup as well as the iPhone Air. Apple says it has also added memory safety improvements for older hardware that doesn't support the new memory tagging features. In addition, Apple is making EMTE available to all Apple developers in Xcode as part of the new Enhanced Security feature that the company released earlier this year during WWDC.

The approach includes mitigation for Spectre V1 attacks that Apple claims works with "virtually zero CPU cost," addressing performance concerns that have plagued similar security features in the past. Apple says these changes make "mercenary spyware" significantly more expensive to develop, and present a major challenge to the surveillance industry.

Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products.

For in-depth information about the new MIE security feature, readers should refer to Apple's Security Research blog.
This article, "iPhone 17 Introduces 'Groundbreaking' New Memory Security Feature" first appeared on MacRumors.com

Discuss this article in our forums

The UK government's secret demand for Apple to create backdoor access to encrypted user data was far broader than previously known, reports the Financial Times. British officials didn't just want to break Apple's Advanced Data Protection feature, but sought to tap a swathe of standard iCloud services used by millions worldwide.


New court filings published on Wednesday by the Investigatory Powers Tribunal (IPC) show the Home Office's technical capability notice (TCN) "is not limited to" Apple's Advanced Data Protection feature, reports the FT. The order also included requirements for Apple to "provide and maintain a capability to disclose categories of data stored within a cloud-based backup service," suggesting the UK wanted access to backed-up messages and passwords.

Perhaps most significantly, the court document states that "the obligations included in the TCN are not limited to the UK or users of the service in the UK; they apply globally in respect of the relevant data categories of all iCloud users."

The revelation comes after Trump administration officials claimed last week that the UK had agreed to drop its encryption demands following pressure from the U.S. director of national intelligence Tulsi Gabbard and vice president JD Vance. However, the new filing suggests the Home Office has yet to formally modify or rescind its global data access demands.

Apple withdrew its Advanced Data Protection (ADP) feature from UK customers in February after receiving the secret government order, but the court documents imply this was only the tip of the iceberg. ADP provides end-to-end encryption for additional iCloud categories like Photos, Notes, and device backups, while standard iCloud already encrypts data in transit and at rest but allows Apple to access it with proper legal requests.

The case is arguably the most significant encryption battle since Apple's 2016 fight with the FBI over unlocking the San Bernardino shooter's iPhone. Apple has consistently maintained that creating backdoors would compromise security for all users and inevitably be exploited by malicious actors.

The IPC will hear Apple's legal challenge in open court early next year, although the UK government refuses to confirm or deny the existence of the Home Office order. The court has agreed to proceed based on "assumed facts" to avoid participants violating the Official Secrets Act.

One person familiar with the case told FT they were "still very concerned this is still going on," despite public statements from U.S. officials about the UK backing down.
This article, "UK Still Demanding Global Access to iCloud User Data, Filings Suggest" first appeared on MacRumors.com

Discuss this article in our forums