Apple has unveiled a comprehensive security system called Memory Integrity Enforcement (MIE) that represents a five-year engineering effort to combat sophisticated cyberattacks targeting individual users through memory corruption vulnerabilities.The technology is built into Apple’s new iPhone 17 and iPhone Air devices, as well as the A19 and A19 Pro chips. It combines custom-designed hardware with changes to the operating system to deliver what Apple describes as “industry-first, always-on” memory safety protection. According to Apple’s security researchers, the system is primarily designed to defend against sophisticated attacks from so-called “mercenary spyware,” rather than from typical consumer malware.“Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products,” the company wrote in a blog posted Tuesday. “Because of how dramatically it reduces an attacker’s ability to exploit memory corruption vulnerabilities on our devices, we believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.”Memory corruption vulnerabilities have long accounted for some of the most pervasive threats to operating system security. These flaws happen when software doesn’t properly control how it reads from or writes to memory, allowing attackers to change, overwrite, or access parts of a computer’s memory they shouldn’t be able to.Exploits targeting these flaws — in particular buffer overflows and use-after-free errors — have underpinned the sophisticated, multi-million-dollar exploit chain that powers spyware. Attackers exploit these flaws, often in “zero-click” (no user interaction required) scenarios, to run harmful code, steal data, or crash systems. For example, NSO Group’s Pegasus spyware was powered by three memory corruption vulnerabilities that were chained together. Recognizing this, Apple expanded efforts over the past five years to address memory safety “at scale.” The company worked closely with the chip designer Arm to improve a memory protection system where memory checks happen immediately, every single time memory is used, instead of sometimes waiting, which could leave a small window open for attackers. This led to the creation of Enhanced Memory Tagging Extension (EMTE), a key part of Apple’s new system.EMTE works by giving each piece of memory a special secret tag. Whenever the device tries to use a particular section of memory, the hardware checks the tag to make sure it is correct. If the tag doesn’t match what is expected, the device will immediately stop the program and record the incident. By ensuring every block of memory has its own unique tag, and by changing these tags whenever memory is reused, Apple’s system blocks unauthorized access efforts before they can cause damage.“Apple has a deep understanding of this problem space, and because they control both the hardware (Apple Silicon) and the software (iOS), they have the unique ability to engineer a tightly integrated and very effective security mechanism,” said Patrick Wardle, co-founder and CEO of DoubleYou, a company that specializes in Apple security. “This kind of approach, which depends on tight coupling between the chip and the operating system, is something most other vendors cannot replicate as easily since they do not own both sides of the stack.”The company acknowledges in a blog post that the system does not entirely eliminate spyware’s ability to be executed on an Apple device, but makes it extremely difficult for attacks to successfully run spyware or maintain access if a device has been compromised. “While there’s no such thing as perfect security, MIE is designed to dramatically constrain attackers and their degrees of freedom during exploitation,” the blog post reads. The efforts mirror similar systems put in place by Microsoft, which has a memory integrity feature in Windows 11, and Google, which has a similar system in its Pixel devices.Natalia Krapiva, senior tech-legal counsel at Access Now, told CyberScoop she thought it was “great” that Apple was taking effective measures since it’s “always a cat-and-mouse” game when large tech companies create ways to thwart spyware developers.“These spyware developers like finding new ways of targeting people, evading detection and so on,” Krapiva told CyberScoop. “This is great to see Apple coming up with new ways to protect high-risk users.The one drawback Krapiva did highlight is that this system is only available on new devices. AccessNow works internationally with groups that are often targeted by spyware on devices that are several generations older than what most consumers use. “For our communities, oftentimes these are grassroots, independent media. It’s very hard to afford new devices, especially Apple devices,” she told CyberScoop. “It could be a nice thing for Apple to have some kind of a program to allow for these types of groups to be able to access this.”MIE can also be taken advantage of by third-party applications, including social media and messaging applications. Additionally, EMTE is available to all Apple developers in Xcode, its developer toolkit, as part of the Enhanced Security feature it rolled out earlier this year. The post Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers appeared first on CyberScoop.