Apple launched a slate of new iPhones on Tuesday loaded with the company’s new A19 and A19 Pro chips. Along with an ultra-thin iPhone Air and other redesigns, the new phones come with a less flashy upgrade that could turn out to be the true killer feature. A security improvement called “Memory Integrity Enforcement” combines always-on chip-level protections with software defenses in an effort to harden iPhones against the most common—and commonly exploited—software vulnerabilities.
In recent years, a movement has been steadily growing across the global tech industry to address a ubiquitous and insidious type of bug known as memory-safety vulnerabilities. A computer’s memory is a shared resource among all programs, and memory-safety issues crop up when software can pull data that should be off limits from a computer’s memory or manipulate data in memory that shouldn’t be accessible to the program. When developers—even experienced and security-conscious developers—write software in ubiquitous, historic programming languages like C and C++, it’s easy to make mistakes that lead to memory-safety vulnerabilities. That’s why proactive tools like special programming languages have been proliferating with the goal of making it structurally impossible for software to contain these vulnerabilities, rather than attempting to avoid introducing them or catch all of them.
“The importance of memory safety cannot be overstated,” the US National Security Agency and Cybersecurity and Infrastructure Security Agency wrote in a June report. “The consequences of memory safety vulnerabilities can be severe, ranging from data breaches to system crashes and operational disruptions.”
Apple’s Swift programming language, released in 2014, is memory safe. The company says it has been writing new code in Swift for years as well as attempting to strategically overhaul and rewrite existing code in the memory-safe language to make its systems more secure. This reflects the challenge of memory safety across the industry, because even if new code is written more securely, the world’s software was all written in memory-unsafe languages for decades. And while, in general, Apple’s locked-down ecosystem has so far succeeded at preventing widespread malware attacks against iPhones, motivated attackers, particularly spyware makers, do still develop complex iOS exploit chains at high cost to target specific victims’ iPhones.
Even with the work Apple has done to begin overhauling its code for memory safety, the company has found that these rarefied attack chains virtually always still include exploitation of memory bugs.
“Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry,” Apple wrote in its Memory Integrity Enforcement announcement on Wednesday.
Apple has increasingly invested in memory safety with Swift and secure memory allocators that manage which regions of memory are “allocated” and “deallocated” for which data—a major factor in, and source of, memory safety vulnerabilities. But Memory Integrity Enforcement itself was originally inspired by work at the hardware level to protect code integrity even when a system has suffered memory corruption.