is a senior editor following news across tech, culture, policy, and entertainment. He joined The Verge in 2021 after several years covering news at Engadget.
It’s less noticeable than a thinner profile or trick camera lenses, but Apple is pointing out another upgrade in the iPhone 17 family of phones that it says is part of “the most significant upgrade to memory safety in the history of consumer operating systems.” Explicitly targeting the spyware industry that produces exploits for tools like Pegasus to hack targeted devices, a series of changes in Apple’s chips, OS, and development tools is part of what it calls Memory Integrity Enforcement (MIE).
With the introduction of the iPhone 17 lineup and iPhone Air, we’re excited to deliver Memory Integrity Enforcement: the industry’s first ever, comprehensive, always-on memory-safety protection covering key attack surfaces — including the kernel and over 70 userland processes — built on the Enhanced Memory Tagging Extension (EMTE) and supported by secure typed allocators and tag confidentiality protections.
The approach is similar to what we’ve seen from Microsoft’s introduction of memory integrity security features for Windows 11, as well as a series of changes that have arrived to prevent speculative-execution vulnerabilities like Spectre. Apple’s blog post also mentions efforts by ARM with the Memory Tagging Extension (MTE) to fight memory bugs, which is supported on Google’s Pixel phones starting with the Pixel 8 series and enabled for supported apps if you turn on Advanced Protection.
Apple says its implementation goes a step further, with the ability to protect all users by default and by designing its A19 and A19 Pro chips for enhanced security, while still adding memory safety changes for older hardware that doesn’t support the new memory tagging features. The company also says its new mitigation for Spectre V1 leaks works with “virtually zero CPU cost” — as performance hits have been an issue for memory integrity and other security features — with all of the changes making “mercenary spyware” even more expensive to develop.
The folks behind the security-focused GrapheneOS project acknowledged the “major security improvements” that will help iPhone security in a post on X, but also said they had issues with the presentation and how it portrayed iOS security versus features like MTE, already released for Android. We’ll learn more about how much has changed once these updates reach devices and attackers take their turn trying to crack open the iPhone 17 and iPhone Air’s security.