I have often stated that well-implemented memory tagging will be a game changer for memory corruptions. And it seems that with the next iPhone it's finally here: https://security.apple.com/blog/memory-integrity-enforcement/
Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research

Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first, always-on memory safety protection across our devices — without compromising our best-in-class device performance. We believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.

@HalvarFlake I guess we might be able to thank @madcoder as well for some of it
@HalvarFlake And on the other end of the spectrum we've got LLMs and agents where people think that mixing instructions and data together is a great idea. While providing more and more Interfaces these systems can call without having a proper authorisation method in place.
@HalvarFlake Essentially all memory tagging solutions suffer from PACMAN-style attacks, though. The blog post states a somewhat cryptic "[...] so we designed a completely novel mitigation that limits the effective reach of Spectre V1 leaks — at virtually zero CPU cost — and forces attackers to contend with type segregation." No further details provided, so I guess we have to wait and see? 🤷‍♂️
@HalvarFlake Hmmm, well, with some more time to think about it (and lunch), I believe a PACMAN-style attack should still be possible based on the information provided. Their novel Spectre v1 attack limits reachability (at zero cost probably just cutting off larger indexes), but for a PACMAN-style attack I don't particularly care about reachability, just about validity of a tag. (Apologies to anyone who had planned to write an Oakland paper about this...).
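To make the "reachability vs. tag validity" distinction in the replies above concrete, here is a small software model of a memory-tagging scheme. It is an added illustration, not code from this thread, from Apple's MIE, or from any real MTE implementation, and it assumes an ARM-MTE-like layout (a 4-bit tag per 16-byte granule, the pointer's tag in bits 56..59) that the post does not confirm for Apple silicon. The `tag_matches()` oracle stands in for a PACMAN-style speculative probe: it simply reads the tag table directly, whereas a real attack would have to leak that bit through a microarchitectural side channel.

```c
/* Software model of MTE-style memory tagging (hypothetical simulation, not Apple's MIE
 * or ARM hardware). Each 16-byte granule carries a 4-bit "allocation tag"; the pointer
 * carries a 4-bit "address tag" in its top byte; every access compares the two. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define GRANULE    16
#define HEAP_BYTES 4096
#define TAG_SHIFT  56
#define HEAP_BASE  0x10000000ull          /* fake base so a valid pointer is never 0 */
#define ADDR_MASK  0x00FFFFFFFFFFFFFFull

static uint8_t  heap[HEAP_BYTES];
static uint8_t  granule_tag[HEAP_BYTES / GRANULE];   /* allocation tag per granule */
static size_t   brk_off = 0;                         /* bump allocator offset */
static uint32_t rng_state = 0x1234567u;              /* constructed PRNG, not secure */

static uint8_t random_tag(void) {                    /* xorshift32, low nibble */
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17; rng_state ^= rng_state << 5;
    return (uint8_t)(rng_state & 0xF);
}

typedef uint64_t tptr;                               /* a tagged pointer */
static tptr    make_tptr(size_t off, uint8_t tag) { return ((uint64_t)tag << TAG_SHIFT) | (HEAP_BASE + off); }
static size_t  tptr_off(tptr p) { return (size_t)((p & ADDR_MASK) - HEAP_BASE); }  /* wraps huge if below base */
static uint8_t tptr_tag(tptr p) { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }

/* Allocate: round up to a granule, pick a tag that differs from the left neighbour
 * (so a linear overflow always crosses a tag boundary), colour the granules. */
static tptr tag_malloc(size_t n) {
    size_t need = (n + GRANULE - 1) / GRANULE * GRANULE;
    if (brk_off + need > HEAP_BYTES) return 0;
    uint8_t tag = random_tag();
    if (brk_off > 0 && granule_tag[brk_off / GRANULE - 1] == tag) tag = (tag + 1) & 0xF;
    for (size_t g = brk_off / GRANULE; g < (brk_off + need) / GRANULE; g++) granule_tag[g] = tag;
    tptr p = make_tptr(brk_off, tag);
    brk_off += need;
    return p;
}

/* Free: retag the granules with anything but the old tag, so a dangling pointer faults. */
static void tag_free(tptr p, size_t n) {
    size_t need = (n + GRANULE - 1) / GRANULE * GRANULE, off = tptr_off(p);
    uint8_t old = granule_tag[off / GRANULE];
    uint8_t fresh = (uint8_t)((old + 1 + (random_tag() % 15)) & 0xF);   /* old+1 .. old+15 mod 16 */
    for (size_t g = off / GRANULE; g < (off + need) / GRANULE; g++) granule_tag[g] = fresh;
}

/* Architectural load: a tag mismatch is a synchronous fault, modelled as return -1. */
static int tag_load(tptr p, uint8_t *out) {
    size_t off = tptr_off(p);
    if (off >= HEAP_BYTES) return -1;
    if (granule_tag[off / GRANULE] != tptr_tag(p)) return -1;           /* fault */
    *out = heap[off];
    return 0;
}

/* The oracle a PACMAN-style attacker wants: "does this tag match?" with no fault.
 * Here it is a direct read of the tag table; in reality it is a side-channel leak. */
static int tag_matches(tptr p) {
    size_t off = tptr_off(p);
    return off < HEAP_BYTES && granule_tag[off / GRANULE] == tptr_tag(p);
}

/* Blind brute force: number of faulting (i.e. crashing) guesses before the right tag. */
static int faults_until_hit(tptr victim) {
    for (uint8_t t = 0; t < 16; t++) {
        uint8_t v;
        if (tag_load(make_tptr(tptr_off(victim), t), &v) == 0) return t;
    }
    return -1;
}

/* Same search through the speculative oracle: zero architectural faults. */
static int find_tag_silently(tptr victim) {
    for (uint8_t t = 0; t < 16; t++)
        if (tag_matches(make_tptr(tptr_off(victim), t))) return t;
    return -1;
}

/* End-to-end scenario; returns 0 when every expectation holds, else the failing step. */
static int run_checks(void) {
    uint8_t v;
    tptr a = tag_malloc(32), b = tag_malloc(16);
    if (!a || !b) return 1;
    heap[tptr_off(a)] = 0x41;
    if (tag_load(a, &v) != 0 || v != 0x41) return 2;                   /* valid access works */
    if (tptr_tag(a) == tptr_tag(b)) return 3;                           /* neighbours differ */
    if (tag_load(make_tptr(tptr_off(b), tptr_tag(a)), &v) != -1) return 4; /* overflow a->b faults */
    tag_free(b, 16);
    if (tag_load(b, &v) != -1) return 5;                                /* use-after-free faults */
    int t = find_tag_silently(b);                                       /* oracle: no fault */
    if (t < 0 || tag_load(make_tptr(tptr_off(b), (uint8_t)t), &v) != 0) return 6;
    if (faults_until_hit(b) != t) return 7;                             /* blind guessing costs t crashes */
    return 0;
}

int main(void) {
    int r = run_checks();
    printf("tagging model checks: %s (%d)\n", r == 0 ? "ok" : "FAILED", r);
    return r;
}
```

The two search functions at the end are the point: with 4-bit tags an architectural brute force expects 7.5 crashes per pointer, which a crash-noticing kernel can turn into detection, while a leak that merely answers "valid or not" finds the tag with no fault at all. Reachability limits (bounding which indexes speculation may touch) do not change that second search, which is why the reply above treats tag validity rather than reach as the thing to worry about.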

@HalvarFlake What does this mean in practice?

Zero-days and iOS-specific malware are much harder to write??

So the security conscious should move to the new iPhones and iPads when they arrive???