Amidst a sea of eye-catching new announcements from Apple this week, the company also introduced advanced security features for its new iPhone 17 and iPhone Air models. According to Apple, these security enhancements are specially tailored to counteract surveillance vendors and the specific vulnerabilities they frequently exploit.
Named Memory Integrity Enforcement (MIE), this new tool is intended to combat memory corruption flaws, which are among the vulnerabilities most often targeted by spyware creators and by those making forensic phone tools used by law enforcement.
“The mercenary spyware supply chain that targets iOS devices has something in common with those attacking Windows and Android: they all leverage memory safety flaws, which are versatile, powerful, and prevalent across the industry,” Apple stated in a blog post.
Cybersecurity specialists, including those who develop exploits for iPhones, told TechCrunch that this security development could make the latest iPhones among the most secure devices available. As a result, companies making spyware or zero-day vulnerabilities for infiltrating devices or extracting data will likely face greater challenges.
“The iPhone 17 is probably the world’s most secure internet-connected computing device now,” commented a security researcher with years of experience building and selling zero-days and other cyber tools to the U.S. government, in an interview with TechCrunch.
The researcher said that MIE will increase both the development time and financial costs required to produce exploits for the newest iPhones, pushing up prices for their clients.
“This is a major development,” said the researcher, who chose to remain unnamed due to the sensitivity of the topic. “It’s not completely invulnerable. But it’s the closest we’ve come to that. Perfection may never be possible, but this significantly raises the bar.”
Jiska Classen, a professor and iOS researcher at the Hasso Plattner Institute in Germany, also believes that MIE will make it more expensive to develop surveillance software.
Classen explained that some vulnerabilities and exploits currently used by spyware companies and security researchers will become ineffective once the new iPhones are released with MIE enabled.
“I can also imagine that, for a period, some mercenary spyware vendors will lack functional exploits against the iPhone 17,” Classen said.
“This will probably make things significantly harder for them,” said Patrick Wardle, who leads a startup focused on Apple device security products. “Of course, it’s always a game of cat and mouse.”
Wardle recommends that anyone concerned about spyware threats should consider upgrading to the latest iPhones.
Specialists interviewed by TechCrunch noted that MIE will reduce the effectiveness of both remote attacks, such as those using NSO Group’s Pegasus or Paragon’s Graphite, and physical attacks utilizing unlocking devices like Cellebrite or Graykey.
Addressing the “majority of exploits”
Most current devices, including today’s iPhones, operate on software developed in languages that are susceptible to memory-related glitches, often referred to as memory overflows or corruption bugs. If triggered, these bugs can cause data from one app to leak into other areas of the device’s memory where it doesn’t belong.
These memory flaws can let attackers gain unauthorized control over sections of a device’s memory. Once inside, malicious code can be installed to access a user’s sensitive data and transmit it over the internet.
MIE is designed to shield against widespread memory attacks by drastically shrinking the opportunities for memory vulnerabilities to be exploited.
Halvar Flake, a specialist in offensive cybersecurity, noted that “the overwhelming majority of exploits” stem from memory corruption issues.
MIE is based on the Memory Tagging Extension (MTE) technology initially created by Arm. Apple noted in its blog that over the past five years, it has collaborated with Arm to enhance these memory safety features, resulting in a product called Enhanced Memory Tagging Extension (EMTE).
MIE represents Apple’s version of this security advancement, leveraging the company’s unique control over both its hardware and software—which sets it apart from most other phone manufacturers.
Google provides MTE on select Android devices, and GrapheneOS, a security-centric custom Android operating system, also includes MTE .
However, some experts believe Apple’s MIE goes beyond these implementations. Flake commented that while the Pixel 8 and GrapheneOS are “almost on par,” the latest iPhones will be “the most secure mainstream” devices available.
MIE works by assigning a unique secret tag—similar to a password—to each memory segment on the newer iPhones. Only applications with the matching secret tag can access that memory. If there’s a mismatch, the security feature blocks access, the app crashes, and the event is recorded.
This crash and log mechanism is crucial, as spyware and zero-day exploits are more likely to trigger such crashes, making it simpler for Apple and security researchers to detect attacks.
“A single misstep can cause a crash, creating an artifact that defenders might recover,” said Matthias Frielingsdorf, vice president of research at iVerify, a company whose app helps shield phones from spyware. “Attackers already had reasons to avoid memory corruption.”
Apple did not reply to a request for comment.
MIE will be enabled by default across the system, protecting key apps like Safari and iMessage, which are potential entry points for spyware. However, for third-party apps, developers will need to implement MIE support themselves, and Apple has released an EMTE version for them to use.
In summary, MIE represents a significant advancement in device security, but its real-world impact will depend on how many developers adopt it and how many users upgrade to new iPhones.
Some attackers will still manage to find vulnerabilities.
“MIE is a positive development and may have a major impact. It could raise the barriers for attackers and even force some out of the market,” Frielingsdorf said. “Yet, there will always be malicious actors who can adapt and continue their activities.”
“As long as there is demand, there will be supply,” Frielingsdorf added.
