With the iPhone 17 family and iPhone Air, Apple introduces Memory Integrity Enforcement: the first industry-wide, comprehensive, always-on memory safety protection for crucial attack surfaces, including the kernel and over 70 userland processes. This is engineered using the Enhanced Memory Tagging Extension (EMTE) and is maintained by secure typed allocators and confidential tag protections.

This move resembles what Microsoft has done by introducing memory integrity security features for Windows 11 and methods to counter speculative-execution vulnerabilities, such as Spectre. Apple’s blog post also acknowledges ARM’s efforts with the Memory Tagging Extension (MTE) to combat memory glitches, which Google’s Pixel 8 series phones support, activated when Advanced Protection is enabled for certain applications.

Apple claims its implementation advances further by default-protecting all users and designing its A19 and A19 Pro chips to bolster security. Even older devices benefit from added memory safety modifications, despite not supporting new memory tagging functionalities. The company mentions its new Spectre V1 leak mitigation operates with “virtually zero CPU cost,” addressing concerns of performance declines with security features and making “mercenary spyware” costlier to develop.

The GrapheneOS project team, focused on security, recognized the “major security improvements” that will enhance iPhone security in a post on X. However, they also critiqued the presentation style, comparing iOS security to Android features like MTE, already available. We’ll gain further insights into the changes when these updates roll out and attackers seek to challenge the security of the iPhone 17 and iPhone Air.