CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Apple introduces Memory Integrity Enforcement in iPhone 17 and iPhone Air

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Apple has introduced Memory Integrity Enforcement (MIE) in its new iPhone 17 and iPhone Air models. MIE provides continuous memory safety protection across critical attack surfaces, including the kernel and over 70 userland processes, without impacting device performance. The feature is designed to prevent memory corruption vulnerabilities, which are often exploited by mercenary spyware in targeted attacks. MIE leverages Enhanced Memory Tagging Extension (EMTE) and Tag Confidentiality Enforcement (TCE) to block common vulnerabilities like buffer overflows and use-after-free bugs. These enhancements make it significantly harder for attackers to exploit memory corruption flaws.

Timeline

  1. 10.09.2025 13:21 1 articles · 22d ago

    Apple introduces Memory Integrity Enforcement in iPhone 17 and iPhone Air

    Apple has unveiled Memory Integrity Enforcement (MIE) in its new iPhone 17 and iPhone Air models. MIE provides continuous memory safety protection across critical attack surfaces, leveraging Enhanced Memory Tagging Extension (EMTE) and Tag Confidentiality Enforcement (TCE) to block common memory corruption vulnerabilities. This feature is designed to prevent memory corruption flaws, which are often exploited by mercenary spyware in targeted attacks.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Battering RAM Attack Bypasses Intel and AMD Cloud Security Protections

A group of academics from KU Leuven and the University of Birmingham have demonstrated a new vulnerability called Battering RAM. This vulnerability bypasses the latest defenses on Intel and AMD cloud processors, compromising Intel's Software Guard Extensions (SGX) and AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack leverages a custom-built, low-cost DDR4 interposer hardware hack to stealthily redirect physical addresses and gain unauthorized access to protected memory regions. The vulnerability affects systems using DDR4 memory, particularly those relying on confidential computing workloads in public cloud environments. Successful exploitation can allow a rogue cloud infrastructure provider or insider with limited physical access to compromise remote attestation and enable the insertion of arbitrary backdoors into protected workloads. The vulnerability was reported to the vendors earlier this year, but defending against Battering RAM would require a fundamental redesign of memory encryption itself. The attack is an evolution of the previous BadRAM attack, which exploited physical address aliasing to modify and replay encrypted memory on AMD SEV-SNP systems. The Battering RAM attack introduces dynamic memory aliases at runtime, allowing it to bypass Intel's and AMD's mitigations for BadRAM. Researchers from Georgia Institute of Technology and Purdue University have demonstrated a new attack called WireTap that also bypasses Intel's SGX security guarantees. WireTap uses a DDR4 memory-bus interposer to passively decrypt sensitive data, exploiting Intel's deterministic encryption. The WireTap attack can extract an SGX secret attestation key, allowing an attacker to sign arbitrary SGX enclave reports. WireTap and Battering RAM attacks are complementary, focusing on confidentiality and integrity respectively. WireTap can be used to undermine confidentiality and integrity guarantees in SGX-backed blockchain deployments. Intel and AMD have acknowledged the exploits but consider physical attacks on DRAM out of scope for their current products. Intel's cryptographic integrity protection mode of Intel Total Memory Encryption-Multi-Key (Intel TME-MK) can provide additional protection against alias-based attacks. The researchers' exploits demonstrate that confidential computing is not invincible, and defenders should reevaluate threat models to better understand and prepare for physical attacks.

Open in new tab

Cisco IOS and IOS XE SNMP Zero-Day Exploited in Attacks

Cisco has released security updates to address a high-severity zero-day vulnerability (CVE-2025-20352) in Cisco IOS and IOS XE Software. The flaw is a stack-based buffer overflow in the Simple Network Management Protocol (SNMP) subsystem, actively exploited in attacks. This vulnerability allows authenticated, remote attackers to cause denial-of-service (DoS) conditions or gain root control of affected systems. The vulnerability impacts all devices with SNMP enabled, including specific Cisco devices running Meraki CS 17 and earlier. Cisco advises customers to upgrade to a fixed software release, specifically Cisco IOS XE Software Release 17.15.4a, to remediate the vulnerability. Temporary mitigation involves limiting SNMP access to trusted users and disabling the affected Object Identifiers (OIDs) on devices. Additionally, Cisco patched 13 other security vulnerabilities, including two with available proof-of-concept exploit code. Cisco also released patches for 14 vulnerabilities in IOS and IOS XE, including eight high-severity vulnerabilities. Proof-of-concept exploit code exists for two of the vulnerabilities, but exploitation is not confirmed. Three additional medium-severity bugs affect Cisco’s SD-WAN vEdge, Access Point, and Wireless Access Point (AP) software.

Open in new tab

Image I/O Framework Zero-Day Exploited in Targeted Attacks

The zero-day vulnerability CVE-2025-43300 in Apple's Image I/O framework was exploited in targeted attacks against specific individuals. The flaw, an out-of-bounds write issue, was used in combination with a WhatsApp zero-day flaw (CVE-2025-55177) in sophisticated attacks potentially involving nation-state actors or spyware activity. The vulnerability affects multiple iOS, iPadOS, and macOS versions, as well as various iPhone, iPad, and Mac models. Apple has backported fixes for CVE-2025-43300 to older versions, including iOS 16.7.12, iPadOS 16.7.12, iOS 15.8.5, and iPadOS 15.8.5. Users are advised to update promptly to mitigate potential ongoing attacks. The flaw was discovered by Apple security researchers and impacts both older and newer devices. This is the seventh zero-day exploited in the wild since the start of the year. The flaw was addressed with improved bounds checking. Apple has patched a total of seven zero-day vulnerabilities exploited in the wild since the start of the year. The vulnerability was exploited in targeted attacks against specific individuals. Affected devices include iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPhone 8, iPhone 8 Plus, iPhone X, iPad Air 2, iPad mini (4th generation), iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, iPod touch (7th generation), and Macs running macOS Sequoia, Sonoma, and Ventura. WhatsApp has also addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with the Apple flaw in targeted zero-day attacks. The WhatsApp vulnerability, CVE-2025-55177, is an insufficient authorization flaw in linked device synchronization messages. The flaw affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS version 2.25.21.78, and WhatsApp for Mac version 2.25.21.78. WhatsApp notified less than 200 users that they were targeted in an advanced spyware campaign over the last 90 days.

Open in new tab