Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/ Memory Integrity Enforcement Bolsters iPhone Security Adam Engst In an Apple Security Research blog post, the company's [1]Security Engineering and Architecture team writes: Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort, spanning half a decade, that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first, always-on memory safety protection across our devices ' without compromising our best-in-class device performance. We believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems. There has never been a successful, widespread malware attack against iPhone. The only system-level iOS attacks we observe in the wild come from mercenary spyware, which is vastly more complex than regular cybercriminal activity and consumer malware. Mercenary spyware is historically associated with state actors and uses exploit chains that cost millions of dollars to target a very small number of specific individuals and their devices. Although the vast majority of users will never be targeted in this way, these exploit chains demonstrate some of the most expensive, complex, and advanced attacker capabilities at any given time and are uniquely deserving of study as we work to protect iPhone users against even the most sophisticated threats. Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry. '¦ Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products. The short version of this security article is that Apple has built a sophisticated new security system into the latest iPhones to help prevent a particularly dangerous type of hack where attackers manipulate the phone's memory to gain control. This kind of attack is primarily used by companies that create spyware for governments to target specific individuals like journalists, activists, and dissidents. The new system, which took years of development and deep integration between Apple's hardware and software, is currently available only in the A19 and A19 Pro chips used in the iPhone 17 and iPhone Air. I would expect to see it appear in the M-series chips that power Macs and high-end iPads as well, perhaps with the M5, though Apple hasn't said anything about such a migration. [2]Read original article References 1. https://security.apple.com/blog/memory-integrity-enforcement/ 2. https://security.apple.com/blog/memory-integrity-enforcement/ .