Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Apple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory Safety

The Hacker News by The Hacker News
September 10, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Sep 10, 2025Ravie LakshmananSpyware / Vulnerability

Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that’s built into its newly introduced iPhone models, including iPhone 17 and iPhone Air.

MIE, per the tech giant, offers “always-on memory safety protection” across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and A19 Pro chips, keeping this aspect in mind.

“Memory Integrity Enforcement is built on the robust foundation provided by our secure memory allocators, coupled with Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and supported by extensive Tag Confidentiality Enforcement policies,” the company noted.

The effort is an aim to improve memory safety and prevent bad actors, specifically those leveraging mercenary spyware, from weaponizing such flaws in the first place to break into devices as part of highly-targeted attacks.

Audit and Beyond

The technology that underpins MIE is EMTE, an improved version of the Memory Tagging Extension (MTE) specification released by chipmaker Arm in 2019 to flag memory corruption bugs either synchronously or asynchronously.

It’s worth noting that Google’s Pixel devices already have support for MTE as a developer option starting with Android 13. Similar memory integrity features have also been introduced by Microsoft in Windows 11.

How MIE blocks use-after-free access

“The ability of MTE to detect memory corruption exploitation at the first dangerous access is a significant improvement in diagnostic and potential security effectiveness,” Google Project Zero researcher Mark Brand said in October 2023, coinciding with the release of Pixel 8 and Pixel 8 Pro.

“The availability of MTE on a production handset for the first time is a big step forward, and I think there’s real potential to use this technology to make 0-day harder.”

Apple said MIE transforms MTE from a “helpful debugging tool” into a groundbreaking new security feature, offering security protection against two common vulnerability classes – buffer overflows and use-after-free bugs – that could result in memory corruption.

How MIE blocks buffer overflows

This essentially involves blocking out-of-bounds requests to access adjacent memory that has a different tag, and retagging memory as it gets reused for other purposes after it has been freed and reallocated by the system. As a result, requests to access retagged memory with an older tag (indicating use-after-free scenarios) also get blocked.

“A key weakness of the original MTE specification is that access to non-tagged memory, such as global variables, is not checked by the hardware,” Apple explained. “This means attackers don’t have to face as many defensive constraints when attempting to control core application configuration and state.”

CIS Build Kits

“With Enhanced MTE, we instead specify that accessing non-tagged memory from a tagged memory region requires knowing that region’s tag, making it significantly harder for attackers to turn out-of-bounds bugs in dynamic tagged memory into a way to sidestep EMTE by directly modifying non-tagged allocations.”

Enabling MTE on Google Pixel

Cupertino said it has also developed what it calls Tag Confidentiality Enforcement (TCE) to secure the implementation of memory allocators against side-channel and speculative execution attacks like TikTag that MTE was found susceptible to last year, resulting in the leak of an MTE tag associated with an arbitrary memory address by exploiting the fact that tag checks generate cache state differences during speculative execution.

“The meticulous planning and implementation of Memory Integrity Enforcement made it possible to maintain synchronous tag checking for all the demanding workloads of our platforms, delivering groundbreaking security with minimal performance impact, while remaining completely invisible to users,” it added.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
How CIOs can steer legacy tech overhauls

How CIOs can steer legacy tech overhauls

Recommended.

North Korean Hackers Pull Off 8M Bitcoin Heist from Crypto Firm DMM Bitcoin

North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

December 24, 2024
Illuminating New Possibilities in Infrastructure Monitoring: Lightera Introduces DataSens™ DryBlock Cable

Illuminating New Possibilities in Infrastructure Monitoring: Lightera Introduces DataSens™ DryBlock Cable

January 17, 2026

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio