Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- iPhone 17 lineup brings substantial security upgrades.
- MIE focuses on stopping sophisticated, targeted surveillance.
- Apple unveils Memory Integrity Enforcement (MIE) system.
Apple says its latest iPhone range will contain new memory security features designed to protect consumers from advanced spyware and surveillance.
Also: Apple iPhone 17 Pro vs. iPhone 16 Pro: I compared both models, and here’s how they differ
On the heels of the tech giant’s keynote in Cupertino this week, in which Apple debuted the new iPhone 17, Apple also revealed that the latest smartphones in its product line will contain new technologies designed to thwart modern cyberthreats.
Apple engineers have been working on a way to improve the security of its mobile devices. Specifically, how to combat advanced attacks found at the operating system and memory levels. The answer? Memory Integrity Enforcement (MIE).
Meet MIE
MIE was not developed to fight against low-hanging fruit — the kinds of opportunistic cyberattackers who develop basic malware and rely on human error, phishing, and fraud to compromise a system. Instead, the memory safety feature aims to break complex, expensive, and targeted attack chains connected with state-sponsored threat actors and top-tier spyware developers.
If this brings to mind cases including NSO Group’s Pegasus, when malware was used to infiltrate phones reportedly belonging to activists and journalists, that’s the aim. According to Apple, MIE is focused on disrupting “mercenary spyware” that may cost millions of dollars to target a select few.
“Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry,” the company says.
Also: Every iPhone 17 model compared: Should you buy the base model, Air, Pro, or Max?
MIE provides always-on memory-safety protection, shielding the kernel and over 70 userland processes. It is built on the Enhanced Memory Tagging Extension (EMTE). Secure typed allocators and tag confidentiality protections support the system.
Apple says that it worked with Arm to address weaknesses in the Memory Tagging Extension (MTE) specification, released back in 2019, leading to the creation of 2022’s EMTE through a collaboration between Apple and Arm. (While acknowledging that MIE is likely a great defensive boost for iPhones, it should be noted that the mobile security project GrapheneOS has responded to Apple’s claims concerning the overall security of MTE.)
How effective is MIE?
How effective MIE will be in fighting advanced surveillance and spyware remains to be seen, but keeping in mind that iOS is less susceptible in general to malware due to the iPad and iPhone maker’s stringent app controls, at least, it will hopefully reduce the success rate — and increase the cost — of launching these types of complex attacks.
Also: Why I’m sticking with my iPhone 12 for another year – and I’m not alone
“We believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems,” Apple commented. “We believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products.”
If you’re interested in adopting these features for yourself, here is how to preorder the iPhone 17, iPhone Air, Apple Watch Series 11, and more.