Apple’s Big Bet to Eliminate the iPhone’s Most Targeted Vulnerabilities


Apple launched a slate of new iPhones on Tuesday loaded with the company’s new A19 and A19 Pro chips. Along with an ultrathin iPhone Air and other redesigns, the new phones come with a less flashy upgrade that could turn out to be the true killer feature. A security improvement called Memory Integrity Enforcement combines always-on, chip-level protections with software defenses in an effort to harden iPhones against the most common—and commonly exploited—software vulnerabilities.

In recent years, a movement has been steadily growing across the global tech industry to address a ubiquitous and insidious type of bug known as memory-safety vulnerabilities. A computer’s memory is a shared resource among all programs, and memory safety issues crop up when software can pull data that should be off limits from a computer’s memory or manipulate data in memory that shouldn’t be accessible to the program. When developers—even experienced and security-conscious developers—write software in ubiquitous, historic programming languages like C and C++, it’s easy to make mistakes that lead to memory safety vulnerabilities. That’s why proactive tools like special programming languages have been proliferating with the goal of making it structurally impossible for software to contain these vulnerabilities, rather than trying to avoid introducing them or to catch every one after the fact.

“The importance of memory safety cannot be overstated,” the US National Security Agency and Cybersecurity and Infrastructure Security Agency wrote in a June report. “The consequences of memory safety vulnerabilities can be severe, ranging from data breaches to system crashes and operational disruptions.”

Apple’s Swift programming language, released in 2014, is memory-safe. The company says it has been writing new code in Swift for years as well as attempting to strategically overhaul and rewrite existing code in the memory-safe language to make its systems more secure. This reflects the challenge of memory safety across the industry, because even if new code is written more securely, the world’s software was all written in memory-unsafe languages for decades. And while, in general, Apple’s locked-down ecosystem has so far succeeded at preventing widespread malware attacks against iPhones, motivated attackers, particularly spyware makers, do still develop complex iOS exploit chains at high cost to target specific victims’ iPhones.

Even with the work Apple has done to begin overhauling its code for memory safety, the company has found that these rarefied attack chains virtually always still include exploitation of memory bugs.

“Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry,” Apple wrote in its Memory Integrity Enforcement announcement on Wednesday.

Apple has increasingly invested in memory safety with Swift and secure memory allocators that manage which regions of memory are “allocated” and “deallocated” for which data—a major factor in, and source of, memory safety vulnerabilities. But Memory Integrity Enforcement itself was originally inspired by work at the hardware level to protect code integrity even when a system has suffered memory corruption.

With memory-unsafe programming languages underlying so much of the world’s collective code base, Apple’s Security Engineering and Architecture team felt that putting memory safety mechanisms at the heart of Apple’s chips could be a deus ex machina for a seemingly intractable problem. The group built on a specification known as Memory Tagging Extension (MTE) released in 2019 by the chipmaker Arm. The idea was to essentially password protect every memory allocation in hardware so that future requests to access that region of memory are only granted by the system if the request includes the right secret.

Arm developed MTE as a tool to help developers find and fix memory corruption bugs. If a memory access request fails the secret check, the app will crash and the system will log the sequence of events for developers to review. Apple’s engineers wondered whether MTE could run all the time rather than just being used as a debugging tool, and the group worked with Arm to release a version of the specification for this purpose in 2022 called Enhanced Memory Tagging Extension.
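The tag-per-allocation scheme described above, modeled in C as an added example (this is not Apple’s or Arm’s code): a 4-bit tag is recorded for every 16-byte granule of memory and carried in the top byte of the pointer, and every store compares the two, so an overflow into a neighbouring allocation or a write through a dangling pointer is rejected instead of silently corrupting memory. The bump allocator and the small LCG that stands in for the hardware tag generator are constructed stand-ins, and a 64-bit host is assumed.

```c
#include <stdint.h>
#include <string.h>
#define GRANULE 16                       /* MTE tags memory in 16-byte granules */
#define NGRANULES 256
static uint8_t heap[GRANULE * NGRANULES];
static uint8_t tag_table[NGRANULES];     /* 4-bit tag for each granule */
static size_t next_free = 0;             /* bump allocator, in granules (no reuse) */
static unsigned rng = 7, last_tag = 0xFF;
_Static_assert(sizeof(uintptr_t) == 8, "tag-in-top-byte model assumes 64-bit pointers");
/* Fresh 4-bit tag, never equal to the previous one (so neighbours always differ)
 * nor to `avoid`. A tiny LCG stands in for the hardware tag generator (constructed). */
static uint8_t fresh_tag(uint8_t avoid) {
    uint8_t t;
    do { rng = rng * 1103515245u + 12345u; t = (rng >> 16) & 0xF; } while (t == last_tag || t == avoid);
    return (uint8_t)(last_tag = t);
}
/* The tag rides in the pointer's top byte (bits 56..59), as on Arm64 MTE. */
static uintptr_t with_tag(void *p, uint8_t t) { return (uintptr_t)p | ((uintptr_t)t << 56); }
static uint8_t   ptr_tag(uintptr_t tp)        { return (uint8_t)((tp >> 56) & 0xF); }
static uint8_t  *untag(uintptr_t tp)          { return (uint8_t *)(tp & ~((uintptr_t)0xFF << 56)); }
/* Allocate n bytes (rounded up to granules) and stamp every granule with one tag. */
uintptr_t mte_alloc(size_t n) {
    size_t g = (n + GRANULE - 1) / GRANULE;
    if (g == 0 || next_free + g > NGRANULES) return 0;
    uint8_t t = fresh_tag(0xFF);
    memset(tag_table + next_free, t, g);
    void *p = heap + next_free * GRANULE;
    next_free += g;
    return with_tag(p, t);
}
/* Free retags the granules, so a dangling pointer keeps a tag that no longer matches. */
void mte_free(uintptr_t tp, size_t n) {
    size_t g = (n + GRANULE - 1) / GRANULE, first = (size_t)(untag(tp) - heap) / GRANULE;
    memset(tag_table + first, fresh_tag(ptr_tag(tp)), g);
}
/* Every access checks the pointer tag against the granule tag: mismatch -> fault (-1). */
int mte_store(uintptr_t tp, size_t off, uint8_t v) {
    uint8_t *p = untag(tp) + off;
    size_t g = (size_t)(p - heap) / GRANULE;
    if (p < heap || g >= NGRANULES || tag_table[g] != ptr_tag(tp)) return -1;
    *p = v;
    return 0;
}
/* Scenarios: in-bounds write, 1-byte overflow into the neighbour, write after free. */
int demo_in_bounds(void)      { uintptr_t a = mte_alloc(24); return mte_store(a, 23, 0x41); }
int demo_overflow(void)       { uintptr_t a = mte_alloc(16); (void)mte_alloc(16); return mte_store(a, 16, 0x41); }
int demo_use_after_free(void) { uintptr_t a = mte_alloc(16); mte_free(a, 16); return mte_store(a, 0, 0x41); }
```

Real MTE tags are 4 bits, so an attacker guessing a tag succeeds one time in sixteen; a faulting guess crashes the process, which is why the page's "always-on" and crash-on-mismatch behaviour matters for detection.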

To make all of this a constant, real-time defense against exploitation of memory safety vulnerabilities, Apple spent years architecting the protection deeply within its chips so the feature could be on all the time for users without sacrificing overall processor and memory performance. It is easy to see how generating and attaching secrets to every memory allocation, and then demanding that programs manage and produce these secrets for every memory request, could dent performance. But Apple says that it has been able to thread the needle.

Memory Integrity Enforcement “is built right into Apple hardware and software in all models of iPhone 17 and iPhone Air and offers unparalleled, always-on memory safety protection for our key attack surfaces including the kernel, while maintaining the power and performance that users expect,” Apple wrote in the announcement.

The company also released a version of the Enhanced Memory Tagging Extension specification for all Apple developers in Xcode so app makers can start to incorporate the protection into their products. Researchers who participate in Apple’s special device program will also be encouraged to test and attack Memory Integrity Enforcement in the new version of the devices that contain A19 series chips.

Apple has often been criticized for how restrictive its walled-garden ecosystem can be, including when lack of transparency prevents security researchers from fully vetting Apple’s systems. But the approach has also proved effective in many ways. And initial reactions to the announcement about Memory Integrity Enforcement were largely positive given the security benefits it promises.

“The deep integration of Apple’s ecosystem means that security enhancements like Memory Integrity Enforcement have an enormous impact on overall user security and privacy,” says Alex Zenla, chief technology officer of the sandbox cloud security firm Edera. “Security can be effectively built-in from the ground up when properly designed.”
