Memory Integrity Enforcement
Apple (Ivan Krstić, Hacker News):
Arm published the Memory Tagging Extension (MTE) specification in 2019 as a tool for hardware to help find memory corruption bugs. MTE is, at its core, a memory tagging and tag-checking system, where every memory allocation is tagged with a secret; the hardware guarantees that later requests to access memory are granted only if the request contains the correct secret. If the secrets don’t match, the app crashes, and the event is logged. This allows developers to identify memory corruption bugs immediately as they occur.
[…]
Our analysis found that, when employed as a real-time defensive measure, the original Arm MTE release exhibited weaknesses that were unacceptable to us, and we worked with Arm to address these shortcomings in the new Enhanced Memory Tagging Extension (EMTE) specification, released in 2022.
[…]
Today we’re introducing the culmination of this effort: Memory Integrity Enforcement (MIE), our comprehensive memory safety defense for Apple platforms. Memory Integrity Enforcement is built on the robust foundation provided by our secure memory allocators, coupled with Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and supported by extensive Tag Confidentiality Enforcement policies. MIE is built right into Apple hardware and software in all models of iPhone 17 and iPhone Air and offers unparalleled, always-on memory safety protection for our key attack surfaces including the kernel, while maintaining the power and performance that users expect. In addition, we’re making EMTE available to all Apple developers in Xcode as part of the new Enhanced Security feature that we released earlier this year during WWDC.
[…]
Both approaches revealed the same conclusion: Memory Integrity Enforcement vastly reduces the exploitation strategies available to attackers. Though memory corruption bugs are usually interchangeable, MIE cut off so many exploit steps at a fundamental level that it was not possible to restore the chains by swapping in new bugs. Even with substantial effort, we could not rebuild any of these chains to work around MIE. The few memory corruption effects that remained are unreliable and don’t give attackers sufficient momentum to successfully exploit these bugs.
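As an added example (not code from Apple's post or from Arm's specification), the C program below models the tag-and-check mechanism described above: each allocation gets a 4-bit tag held out of band and carried in its pointer, every access compares the two, and a linear overflow, a use-after-free and a double free all fail the check; `accepted_tags` shows that a 16-value tag space still leaves a blind guess a 1-in-16 chance. It assumes a 64-bit build, a 16-byte granule size and a deterministic tag cycle in place of MTE's random tag choice.

```c
#include <stddef.h>
#include <stdint.h>
/* Software model of the tag/check scheme described above (added example, not Apple's or Arm's
 * code): 16-byte granules, a 4-bit tag in hidden storage, tag carried in the pointer's top byte. */
#define GRANULE      16
#define HEAP_SIZE    256
#define NUM_GRANULES (HEAP_SIZE / GRANULE)
#define TAG_SHIFT    56                   /* 64-bit pointers assumed */
static unsigned char heap[HEAP_SIZE];
static uint8_t granule_tag[NUM_GRANULES]; /* hidden tag storage, not addressable by code */
static size_t next_free_granule;
static uint8_t next_tag = 1;              /* tags cycle 1..15 here; real MTE draws random tags */
static uintptr_t make_ptr(size_t off, uint8_t tag) { return ((uintptr_t)tag << TAG_SHIFT) | off; }
static uint8_t ptr_tag(uintptr_t p) { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }
static size_t ptr_off(uintptr_t p) { return (size_t)(p & (((uintptr_t)1 << TAG_SHIFT) - 1)); }
/* Allocate n bytes: round up to granules, tag them with a fresh tag, return a tagged pointer. */
uintptr_t tagged_alloc(size_t n) {
    size_t gran = (n + GRANULE - 1) / GRANULE, g0 = next_free_granule;
    if (gran == 0 || g0 + gran > NUM_GRANULES) return 0;
    uint8_t tag = next_tag;
    next_tag = tag % 15 + 1;
    for (size_t i = 0; i < gran; i++) granule_tag[g0 + i] = tag;
    next_free_granule += gran;
    return make_ptr(g0 * GRANULE, tag);
}
/* Synchronous check on every access: the pointer tag must equal the granule tag or the store
 * is refused (hardware raises a fault), so a linear overflow or a stale pointer fails here. */
int tagged_store(uintptr_t p, unsigned char v) {
    size_t off = ptr_off(p);
    if (off >= HEAP_SIZE || ptr_tag(p) != granule_tag[off / GRANULE]) return 0;
    heap[off] = v;
    return 1;
}

/* Free: the pointer must still match, then the granules are retagged so a stale copy of the
 * pointer (use-after-free) or a second free no longer passes the check. */
int tagged_free(uintptr_t p, size_t n) {
    size_t g0 = ptr_off(p) / GRANULE, gran = (n + GRANULE - 1) / GRANULE;
    if (ptr_off(p) % GRANULE || g0 + gran > NUM_GRANULES || granule_tag[g0] != ptr_tag(p)) return 0;
    for (size_t i = 0; i < gran; i++) granule_tag[g0 + i] = granule_tag[g0 + i] % 15 + 1;
    return 1;
}

/* How many of the 16 possible tags the check accepts for one address: exactly one, so a blind
 * guess passes 1 time in 16, which is the 4-bit weakness discussed further down this page. */
int accepted_tags(uintptr_t p) {
    int hits = 0;
    for (unsigned t = 0; t < 16; t++) hits += tagged_store(make_ptr(ptr_off(p), (uint8_t)t), 0);
    return hits;
}
```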
MIE represents what Apple calls “the most significant upgrade to memory safety in the history of consumer operating systems.” That’s a bold claim, but when you dig into what they’ve built, it does not at all seem like an exaggeration. This isn’t just a security patch or minor improvement. It’s the culmination of five years of hardware and software work that fundamentally changes how iPhones protect themselves.
The key insight here is that Apple didn’t just push some new software protection. Instead, they redesigned their approach from the ground up, creating a system where the hardware and software work together in ways that weren’t possible before. The new A19 and A19 Pro chips dedicate an extraordinary amount of silicon resources to security, more than ever before, including special areas for storing security tags and processing power dedicated entirely to checking memory access.
Apple seems very salty that Google shipped MTE first, dropping shade several times about how Android’s isn’t ‘comprehensive.’ 😂
True, but when have Apple’s mitigations ever been flawless?
That said, yeah…Apple’s version looks way better.
Pixels have provided hardware memory tagging (MTE) support since the Pixel 8. GrapheneOS deployed it in production around a month after the launch of the Pixel 8 and we use it for the kernel and nearly the entire base OS. We use it for some third-party apps and users can opt in to using it for all.
There have been multiple revisions of ARM MTE. FEAT_MTE4 (Enhanced Memory Tagging Extension) is the 4th generation of ARM MTE improvements, not the beginning of it. The baseline feature was already a game changer for defending devices. The improvements will make their way to devices providing it.
[…]
Unlike iPhone users, GrapheneOS users have been well protected from attacks by Cellebrite and other exploit development companies.
[…]
ARM shipped MTE support multiple years before Apple in their Cortex cores. Yes, it was discovered to have a side channel usable by local attackers. This doesn’t ruin it. MTE only has 4 bit tags which is a bigger weakness than the side channel. MTE still paves the way for stronger future features.
Apple has far more severe side channels in their hardware which leak user data. It’s strange to portray leaking tags as a severe issue ruining a feature when they’ve consistently downplayed the impact of endless side-channel vulnerabilities directly leaking sensitive user data on iPhones and Macs.
Previously: