Apple says the iPhone 17 comes with a massive security upgrade

It’s little noticeable than a thinner illustration oregon instrumentality camera lenses, but Apple is pointing retired different upgrade successful the iPhone 17 household of phones that it says is portion of “the astir important upgrade to representation information successful the past of user operating systems.” Explicitly targeting the spyware manufacture that produces exploits for tools similar Pegasus to hack connected targeted devices, a bid of changes successful Apple’s chips, OS, and improvement tools are portion of what it calls Memory Integrity Enforcement (MIE).

With the instauration of the iPhone 17 lineup and iPhone Air, we’re excited to present Memory Integrity Enforcement: the industry’s archetypal ever, comprehensive, always-on memory-safety extortion covering cardinal onslaught surfaces — including the kernel and implicit 70 userland processes — built connected the Enhanced Memory Tagging Extension (EMTE) and supported by unafraid typed allocators and tag confidentiality protections.

The attack is akin to what we’ve seen from Microsoft’s instauration of memory integrity information features for Windows 11, arsenic good arsenic a bid of changes that person arrived to forestall speculative-execution vulnerabilities similar Spectre. Apple’s blog station besides mentions efforts by ARM with the Memory Tagging Extension (MTE) to combat representation bugs, which is supported connected Google’s Pixel phones starting with the Pixel 8 bid and enabled for supported apps if you crook connected Advanced Protection. 

Apple says its implementation goes a measurement further, with the quality to support each users by default and by designing its A19 and A19 Pro chips for enhanced security, portion inactive adding representation information changes for older hardware that doesn’t enactment the caller representation tagging features. The institution besides says its caller mitigation for Spectre V1 leaks works with “virtually zero CPU cost” — arsenic show hits have been an issue for representation integrity and other information features —  with each of the changes making “mercenary spyware” adjacent much costly to develop. 

The folks down the security-focused GrapheneOS task acknowledged the “major information improvements” that volition assistance iPhone information successful a station connected X, but also said they had issues with the presumption and however it portrayed iOS information vs features similar MTE, already released for Android. We’ll larn much astir however overmuch has changed erstwhile these updates scope devices and attackers instrumentality their crook trying to ace unfastened the iPhone 17 and iPhone Air’s security.