Apple’s latest iPhone security feature just made life more difficult for spyware makers

A grave Ocean This week, Tech Giant has published new security technology for its latest iPhone 17 and iPhone air device. According to Apple, this new security technology was created to fight surveillance vendors and to fight the most dependent type.

The feature is called the Memory Integrity Enforcement (MIE) and is designed to help stop memory corruption bugs, which are some common weaknesses absorbed by the manufacturers of phone forensic devices used by spyware developers and law enforcement.

Apple writes, “Tenant Spyware Chains used against iOS share a common derinator that targets Windows and Android: they use memory protection weaknesses, which exist throughout the industry and exist throughout the industry,” Apple wrote. In its blog postThe

Cybercquire experts, who make hacking equipment and absorb for iPhones, tell TechCrunch that this new security technology can create Apple’s new iPhones the most secure devices on the planet. The results for companies that make spyware will make life stronger Zero-day Spyware on a target phone absorbs for spyware planting or extracting data from them.

“The iPhone7 17 is probably the most secure computing environment of the planet that is still connected to the Internet,” a protective researcher who has worked on the US government to develop and sell the US government for years and other cyber capacity for years.

The researcher told TechCrunch that MIE would increase the cost and time to develop their absorption for the latest iPhones and result in raising their prices to pay customers.

“This is a huge deal,” the researcher said, who asked to be anonymously to discuss sensitive issues. “This is not a hack proof. But this is the closest thing that we have to hack our proof that this is never 100% perfect but it raises the most part.”

Jiska Classen, a professor and researcher who studied the iOS at the Hasso Platner Institute in Germany, agreed that MIE would increase the cost of surveillance technology development.

Classen said that this is because spyware companies and researchers have some bugs and exploitation that the new iPhones are currently finished and MIE will stop working after it is implemented.

“I can even imagine that some tenant spyware does not work for the iPhone 17 for a specified time window,” Classen said.

“It will make their lives logically infinitely more difficult,” a researcher says Patrick Warden Who runs a startup It produces the product, especially for the Apple device. “Of course it is carefully called that it is always a cat and mouse game.”

Warden said that people concerned about being hacked with spyware should be upgraded to new iPhones.

Experts talked to TechCrunch that both MIE would reduce the functionality of distant hacks, such as launching the NSO group with spyware like pegasus and paragon graphite. It will also help protect the physical device from hacks, such as the unlocking hardware like a phone like celery or grakes.

To take “mostly absorb”

Most modern devices, including most iPhones today, operate the software written in programming language that are at risk of memory -related bugs, often called memory overflow or corruption bugs. When triggered, a memory bug can spread the content of memory from an application to any user device where it should not go.

Memory -related bugs allows malicious hackers to access and control parts of a device that should not be allowed. Access can be used to plant contaminated code that is able to achieve a wide access to a person’s data stored in the phone’s memory and exfiltrate it on the Internet connection of the phone.

MIE noticed that the attack against these types of broad memory greatly reduces the surface where memory weaknesses can be used.

According to Halwar Flek, an expert in aggressive cyber social investigation, memory corruption is “a vast majority of exploitation.”

MIE is built in a technology Memory tagging extension (MTE) Originally developed by the Chipmaker arm. In his blog post, Apple says that in the last five years it has worked to improve and improve memory protection features with ARM as a product called enhanced memory tagging extension (EMTE).

MIE is the implementation of Apple’s new protection technology, which plays the full control of Apple’s technology stack, opposite the competitors to create most of its phone from software to hardware.

Google Offers MTE For some Android devices; A custom version of the protection-centric graphinios, a custom version of Android, also Offers MTEThe

However, other experts say Apple’s MIE has gone one step further. Flyke says Pixels 8 and Graffinios are “almost comparable”, but the new iPhones will be the “most secure mainstream” device.

MIE works effectively with its own unique password with a secret tag with each piece of memory on a new iPhone. This means that applications with only those secret tags can access in the future physical memory. If the secret does not match, the security protection is blocked by kicking the request, the app will crash and the event will be logged.

This crash and log are especially significant since spyware and zero-day crash is more likely to trigger the crash, it makes it easier to investigate the attacks for Apple and security researchers.

“An incorrect step will lead to crash and potential recoverable patterns for a defender,” Mattheus Freilingsdorf, vice president of Ivyfi’s research, is creating an application to protect smartphones from spyware. “The attackers already had an enthusiasm for avoiding memory corruption.”

Apple did not respond to any request for comment.

The MIE default system will be widely operational, which means it will protect applications such as safari and imesage, which can be entry-point for spyware. However, third -party applications need to be applied to MIE in their own way to improve their users’ protection. Apple Has released a version of EMTE To do this for developers.

In other words, MIE is a huge step in the right direction, but it will take some time to see how many developers apply it and how many people buy a new iPhone.

Some attackers will inevitably find a way still.

“MIE is a good thing and it can even be a big deal It can significantly increase the cost for the attackers and even get some of them out of the market,” said Freezdorf. “But there’s a lot of bad actors that can still find success and maintain their business.”

“Buyers will be there as long as buyers are there,” said Freilingsdoroff.