Filippo Bigarella

@fb
Security Engineering and Architecture 🇪🇺🇮🇹🇫🇷🌉
Website: https://fbiga.com
Twitter: @FilippoBiga

Adopting Memory Integrity Enforcement means protecting your users using best-in-class technologies when it comes to memory safety.

Check out our talk to learn more about MIE, its security model, and how to make the best out of it to protect your users

https://www.youtube.com/live/UZeSyodAszc?t=5252&si=WVmGadfosPk0Rjrt

Fortify your app: Essential strategies to strengthen security | Meet with Apple


If you’re an iOS app developer, there’s no better time than now to secure your app against memory safety vulnerabilities.

We had a great developer event yesterday where we talked about all the technologies that we use, which are now available for you to take advantage of in your own apps.

Check out the recording on YouTube. https://www.youtube.com/live/UZeSyodAszc


And it comes with some pretty great documentation as well: https://github.com/apple-oss-distributions/libmalloc/blob/libmalloc-792.41.1/doc/xzone_malloc.md

Start from here if you want to understand the overall design of xzone malloc, what security features it implements, and in general what a modern, performant yet security-focused allocator looks like.

libmalloc/doc/xzone_malloc.md at libmalloc-792.41.1 · apple-oss-distributions/libmalloc


xzone malloc is now open source! 🎉
https://github.com/apple-oss-distributions/libmalloc/tree/libmalloc-792.41.1/src/xzone_malloc

This is our new system allocator, built from the ground up to deliver state-of-the-art security mitigations (including full MTE support). It’s used by all user-space processes across all platforms and serves as a key cornerstone of MIE.

Even better, it achieves all this while improving performance over the previous implementation.

Working on it with such an exceptional team has been an absolute thrill and an honor.

libmalloc/src/xzone_malloc at libmalloc-792.41.1 · apple-oss-distributions/libmalloc


Are you interested in bleeding-edge microarchitecture offensive security research, with a concrete impact on user security?
We have just opened a Microarchitecture Security Internship position at Apple, in SEAR LASER! ❤️‍🔥

Apply here: https://jobs.apple.com/en-us/details/200624069/microarchitecture-security-internship

Microarchitecture Security Internship - Jobs - Careers at Apple

Apply for a Microarchitecture Security Internship job at Apple. Read about the role and find out if it’s right for you.

“Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort [which] represents the most significant upgrade to memory safety in the history of consumer operating systems.”

I’m deeply grateful and proud to be part of this team.

And we're not stopping here. Onward we go, hope you will tag along!

https://security.apple.com/blog/memory-integrity-enforcement/

Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research

Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first, always-on memory safety protection across our devices — without compromising our best-in-class device performance. We believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.


kalloc_type was really only the first step of a much larger protection.

We call it Memory Integrity Enforcement.

https://security.apple.com/blog/memory-integrity-enforcement/

If your app crashes on 0x400000000000bad0 when running on the new stuff, it means you have an ObjC strong variable/property being concurrently mutated. https://developer.apple.com/documentation/xcode-release-notes/xcode-26-release-notes#Objective-C-Runtime

Xcode 26 Beta Release Notes | Apple Developer Documentation

Update your apps to use new features, and test your apps against API changes.


Hear about new ways to interoperate between languages without fear in Safely mix C, C++, and Swift

https://developer.apple.com/videos/play/wwdc2025/311/

#swift #swiftlang #wwdc

Safely mix C, C++, and Swift - WWDC25 - Videos - Apple Developer

Learn how to mix C, C++, and Swift while improving the safety of your apps. We'll show you how to find where unsafe C and C++ APIs are...


🆕⚛️🔐 Starting with iOS 26, CryptoKit gets support for quantum-secure cryptography with algorithms such as ML-KEM, ML-DSA and HPKE with X-Wing:

https://developer.apple.com/documentation/cryptokit/using-the-quantum-secure-apis

👉 Join us for a session on how to protect your app's user data from the emerging threat of quantum computing!
https://developer.apple.com/videos/play/wwdc2025/314

Using the quantum-secure APIs | Apple Developer Documentation

Enhance your app’s privacy and security by using quantum-secure workflows.
