Apple’s newly unveiled iPhone 17 lineup and the first-ever iPhone Air is grabbing headlines for its sleek new design, vibrant colourways, camera upgrades, and performance-related capabilities. But one major change that is flying under the radar is the company’s security upgrade in this generation of iPhones to strengthen protections against sophisticated spyware attacks.
In a blog post on September 9, Apple announced that it has made a series of changes in its A19 and A19 Pro chips, operating system, and development tool to offer a new type of protection known as Memory Integrity Enforcement (MIE).
MIE has been built to detect and patch security exploits in device memory, making it harder for threat actors to compromise iPhones using sophisticated spyware like Israeli firm NSO Group’s Pegasus. Apple has said that MIE is the industry’s first-ever comprehensive, always-on memory-safety protection covering key attack surfaces including the kernel and over 70 userland processes.
It is built on the Enhanced Memory Tagging Extension (EMTE), which is a modified version of a tool first introduced by Arm to help find memory corruption bugs in hardware.
The MIE will be built right into Apple hardware software in all models of iPhone 17 and iPhone Air, as per the Cupertino-based tech giant. “Because of how dramatically it reduces an attacker’s ability to exploit memory corruption vulnerabilities on our devices, we believe [MIE] represents the most significant upgrade to memory safety in the history of consumer operating systems,” Apple said in its blog post.
The new in-built security feature follows Apple’s periodic alerts sent to iPhone users spread across the world, warning them that their devices have been potentially targeted using government spyware. In July this year, the tech giant issued notifications to dozens of Iranians that their iPhones had been targeted with government spyware.
These alerts had also sparked a political controversy in India two years ago, after several prominent Opposition leaders such as Congress MP Shashi Tharoor, Trinamool Congress MP Mahua Moitra, and others, claimed that they had received a threat notification from Apple about State-sponsored attackers targeting their iPhones.
Story continues below this ad
While security researchers have acknowledged the “major security improvements” that will help iPhone security, they also criticised the way Apple has framed the rollout of the feature and pointed out that several Android smartphones such as Google Pixel 8 have already been shipped with MTE protection years earlier.
“It’s not as if Apple’s integration of features like PAC and MTE is going to be perfect with no caveats,” Graphene OS, a security-focused mobile OS project, said in a post on X. “MTE provides 4-bit tags providing a relatively high probability of detecting exploits. It’s not memory safety. It’s the first step towards strong memory tagging. There’s around a 1/15 chance to bypass it for each part of an exploit it impacts without having any side channels,” it further said.
0
0
Average Rating