Security Now #1043: Memory Integrity Enforcement
September 17, 2025
Host: Leo Laporte
Guest: Steve Gibson
Overview
In this dense “propeller-hat” episode, Steve Gibson and Leo Laporte tackle the most significant and technical security development in the last decade: Apple’s implementation of Memory Integrity Enforcement (MIE) in its new A19 silicon, designed to eliminate nearly 90% of software exploit vectors. The pair also covers recent security news: Bitcoin ATM predation, high-profile ransomware fallout, school hacks, and further moves by global regulators on privacy and adult content. Gibson takes listeners deep into Apple’s five-year hardware journey to harden memory safety and potentially render most memory-based exploits obsolete.
News Roundup
[00:54] – Episode Theme and Intro
- Leo: “Who would have thought it? Russia's new enforced messenger has startup problems. What a shock. Steve’s going to tell the story of how he hacked the dorm washing machines. And then we’re going to talk about an amazing improvement Apple has made to its own chips…may eliminate 90% of security problems.”
- Steve: “Our listeners always say they like our deep propeller-head episodes. Well, get out your galoshes because this one's going to be deep.”
[02:59] – Security News Topics (Quick Hits)
- Bitcoin ATMs: Are they “scamming terminals”?
- Two ransomware incidents: Uvalde school district and Jaguar Land Rover.
- Scattered Lapsus$ Hunters group – rumor of disbanding.
- Germany to vote “no” on the EU's “chat control.”
- Russia’s “Max Messenger” startup and security woes.
- UK school hacks (spoiler: “made by students”).
- HackerOne’s own hack, supply chain vulnerability.
- Amsterdam smart washing machine hacks.
- Bluesky’s conditional age verification.
- Global Privacy Control enforcement ramping up.
Key Security Stories
[14:06] – The Predatory Nature of Bitcoin ATMs
- DC Attorney General sues Athena Bitcoin, alleging 93% of DC ATM deposits were scam-related.
- Steve: “Only 7% of Athena’s Bitcoin ATM transactions were legitimate... The median loss per victim was $8,000, and the median age was 71.”
- Hidden transaction fees up to 26%, well above competitors’ 0.24-3%.
- “The scammers were deliberately, specifically targeting the less technical elderly population in Washington D.C.”
- [20:36] Leo: “Do you think these elderly… thought they were going to put cash in this machine and get a solid gold Bitcoin?”
- Highlights urgent need for consumer protection at the intersection of crypto and vulnerable populations.
[22:55] – Ransomware Madness
Uvalde School District
- Shut down for a week post-attack (phones, security cams, visitor management, HVAC all affected).
- Steve: “The new goal for any enterprise’s internal security must be to harden itself against random people inside the organization clicking on links they should not.”
- Emphasizes that “training alone is no longer sufficient” – real network segmentation/hardening is necessary.
Jaguar Land Rover
- Production halted for weeks, ripple effects bankrupting suppliers.
- Steve: “Talk about a supply chain attack… The ripple effects are revealing it to be perhaps one of the most significant cyber attacks in Britain’s history.”
[39:12] – Regulatory Moves & Privacy Battles
Chat Control in EU & German Resistance
- [39:12] Germany publicly opposes EU “chat control” proposals that would mandate backdoors into encrypted messengers, citing privacy and legal precedent.
- Steve: “Germany is opposed to breaking encryption … this is a very heavy lift [for chat control].”
Russia’s Max Messenger Debacle
- Report of instant account sales/rentals by hackers.
- Steve: “It’s not a slam-dunk to launch a new secure messaging service—even with western models to follow.”
School Hacks: Threats from Within
- [50:54] 57% of insider breaches in UK schools stem from students; 97% of stolen password attacks involved students.
- Steve: "Incorrect permissions, post-it notes under keyboards… I remember being that age. I was notorious for all manner of hijinks."
HackerOne and Supply Chain Attacks
- [54:46] HackerOne affected via the hacked Salesloft Drift AI chat integration within Salesforce.
- Steve: “One of the recent trends is these AI chat windows popping up everywhere. If that chatbot backend gets popped, the blast radius is enormous.”
[65:33] – Washing Machines and Hacking Culture
- Amsterdam university reverts to coin-op machines after students hack “smart” machines for free use.
- Steve shares his own “insider” hack tale from UC Berkeley—“Imagine that. I never needed to bring laundry home on weekends for my mom to wash.”
Regulatory & Social Battlefronts
[80:02] – Bluesky's Age Verification Policies
- Contrasting approaches: Mississippi’s social media law mandates age verification for all content (causing Bluesky to pull out); South Dakota/Wyoming (and the UK) only require it for adult content.
- Leo: “Define ‘adult content’… Legislators are much broader than you and I might expect.”
- Discussion of ChatGPT and others moving to implement age “guessing” features to comply.
[85:14] – UK’s Age Verification Crackdown
- Ofcom opening investigations into major porn sites for “highly effective” age assurance compliance.
- Traffic drops off sharply at compliant sites; users flock to non-compliant alternatives.
- Steve gives a shout-out to Stina Ehrensvärd (Yubico) for her nonprofit’s work on privacy-forward ID and age verification.
[91:08] – Global Privacy Control Enforcement
- Joint AGs from California, Colorado, Connecticut investigate firms ignoring GPC signals—enforcement is beginning where "Do Not Track" failed.
Listener Feedback & Errata
[100:30] – Advanced Data Protection Status in UK Confirmed
- Listeners confirm ADP remains grandfathered for those who activated it; can no longer newly enable, but hasn’t been forcibly removed (yet).
[102:49] – Clever Insight: Tracking Age via State-to-State Site Browsing
- A listener points out a potential to triangulate user age across variable state law thresholds using zero-knowledge proofs; demonstrates privacy’s nuanced challenges.
Deep Dive: Memory Integrity Enforcement (MIE)
[115:04] – Setting the Stage
- Steve: “Apple’s big September 2025 product announcement included a technical capability which garnered much less attention, but was perhaps more important in the long run… Memory Integrity Enforcement in the new A19 silicon.”
- Leo: “Is this like ASLR?”
- Steve: “No, if the only problems in security were use-after-free and buffer overruns … they’re all gone. It’s huge.”
[119:43] – Why Is This Needed?
- Despite Apple’s best efforts and no mass iPhone malware, “mercenary spyware” attacks (expensive, state-sponsored, highly targeted) keep finding exploit chains, and virtually all of them rely on memory safety vulnerabilities (use-after-free, buffer overflows, etc.).
[121:08] – Layers of Memory Protection Prior to MIE
- Swift language adoption for memory safety
- Specialized secure allocators for kernel and user memory
- Pointer Authentication Codes (PAC) in A12 for code flow integrity
- Multiple software mitigations: ASLR, stack cookies, refcounts, etc.
- “All eventually worked around by highly motivated attackers.”
Enter ARM’s Memory Tagging Extension (MTE) [2019]
- Lets hardware monitor memory accesses with per-allocation “tags” (colors).
- Designed as a debugging aid—not as an always-on, adversarial security measure.
- Limitation: Overhead, incomplete protection, not sufficiently synchronous; allowed for gaps.
Apple’s Journey: Beyond Debugging Tools
- Collaborated with ARM on Enhanced MTE (EMTE) [2022] to close numerous security gaps:
  - Synchronous enforcement: Immediate crash/block on tag mismatch; no attacker “race windows.”
  - Full-stack, always-on: Not just opt-in or only during debugging.
  - Non-tagged regions: Prevented “untagged” memory from being attack targets.
  - Tag confidentiality enforcement: Protects tag values against side-channel and speculative execution attacks.
[146:47] – How MIE Works (Technical Details)
- Allocations receive a 4-bit “tag”. Adjacent memory allocations always have different tags.
- Prevents buffer overflows—if you try to access outside your allocation, the hardware sees a tag mismatch and kills your process.
- Use-after-free defeated: When memory is freed, its tag changes. Old pointers+tags can't match if memory is reused.
- Everything is synchronous and always-on (ends “race windows”).
- Secure typed allocators ensure type isolation (reduce type confusion attacks).
- All 70+ critical processes and the kernel: memory accesses now enforced by MIE.
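A software model of the tag check described above, added here as an illustration (not Apple's or ARM's code). The 16-byte granule and the tag in pointer bits 59:56 follow ARM MTE; the bump allocator, the deterministic tag choice and the names `tagged_alloc`, `tagged_free` and `tagged_store` are assumptions of the model, and a return of -1 stands in for the synchronous fault.

```c
#include <stdint.h>
#include <stdio.h>
#define GRANULE   16   /* MTE tags memory in 16-byte granules */
#define NGRAN     64   /* size of the model heap, in granules */
#define TAG_SHIFT 56   /* MTE carries the 4-bit tag in pointer bits 59:56 */
static uint8_t heap[NGRAN * GRANULE];
static uint8_t gran_tag[NGRAN];  /* one tag per granule; 0 = never allocated */
static size_t  next_gran;        /* bump allocator: model only, no reuse */

/* Lowest non-zero tag that differs from a, b and c (hardware picks randomly). */
static uint8_t pick_tag(uint8_t a, uint8_t b, uint8_t c) {
    uint8_t t = 1;
    while (t == a || t == b || t == c) t++;  /* at most 3 excluded, so t <= 4 */
    return t;
}
static size_t grans(size_t size) { return (size + GRANULE - 1) / GRANULE; }

/* Tag every granule of the block; return its offset with the tag in the top bits. */
uint64_t tagged_alloc(size_t size) {
    size_t n = grans(size);
    if (n == 0 || next_gran + n > NGRAN) return 0;
    uint8_t tag = pick_tag(next_gran ? gran_tag[next_gran - 1] : 0, 0, 0);
    for (size_t i = 0; i < n; i++) gran_tag[next_gran + i] = tag;
    next_gran += n;
    return ((uint64_t)tag << TAG_SHIFT) | (uint64_t)((next_gran - n) * GRANULE);
}

/* Retag on free (avoiding old and neighbouring tags) so stale pointers mismatch. */
void tagged_free(uint64_t p, size_t size) {
    size_t g = (size_t)(p & 0xFFFFFFFFu) / GRANULE, n = grans(size);
    uint8_t tag = pick_tag(gran_tag[g], g ? gran_tag[g - 1] : 0,
                           g + n < NGRAN ? gran_tag[g + n] : 0);
    for (size_t i = 0; i < n; i++) gran_tag[g + i] = tag;
}

/* One-byte store; -1 marks where the hardware would fault synchronously. */
int tagged_store(uint64_t p, size_t off, uint8_t v) {
    size_t addr = (size_t)(p & 0xFFFFFFFFu) + off;
    uint8_t ptag = (uint8_t)((p >> TAG_SHIFT) & 0xF);
    if (addr >= sizeof heap || gran_tag[addr / GRANULE] != ptag) return -1;
    heap[addr] = v;
    return 0;
}

int main(void) {
    uint64_t a = tagged_alloc(32), b = tagged_alloc(16);
    printf("in-bounds=%d overflow=%d ", tagged_store(a, 31, 1), tagged_store(a, 32, 1));
    tagged_free(a, 32);
    printf("use-after-free=%d neighbour=%d\n", tagged_store(a, 0, 1), tagged_store(b, 0, 1));
}
```

Because tags cover whole 16-byte granules, the model (like MTE) cannot see an overrun that stays inside an allocation's last granule.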
[149:12] Stand-Out Quote (Steve):
“If some adversary were able to arrange to compromise an application to obtain access to both its memory and its associated memory access tag, it would be unable to read or write outside of the application’s allocated memory region. ... Use-after-free vulnerabilities are similarly prevented by having the allocator change the access tag after any freed memory is released.” —[146:47]
[158:47] – Ramifications
- Will this eliminate all iPhone-level vulnerabilities?
- Not all—some attacks are outside memory errors, but “likely 95%+ of the exploit landscape.”
- Steve: “I think what it means is we’re going to be rebooting our phones for software security updates much less often… Apple won’t be in a panic needing to protect us against the latest zero day.”
- Leo: “Apple has locked things down so much it’s hard for security researchers to work on iPhones—but they have a special security research device program.”
- Steve: “No other company has made this sort of commitment…Apple has moved an unprecedented percentage of their silicon real estate just for this.”
Noteworthy Quotes / Moments
- On why simple “wash-after-use” doesn’t work (zeroing memory on free):
  - “You’d have to stop everything to zero it... There’s a whole bunch of stuff going on behind the scenes…” —[141:50 Steve Gibson]
- On wash-hack nostalgia:
  - “Not that I would have had anything to do with that… but let’s just say that I never brought laundry home to my mom.” —[65:10 Steve Gibson]
- On today’s DDoS floods:
  - “To this day, and probably forever more, that incredibly elegant [internet packet routing] system is utterly and completely vulnerable to packet generation abuse. And there is no way to fix it. None.” —[75:44 Steve Gibson]
- On adversary incentives:
  - “There will come a time … when the cost to develop any new exploit, if it’s even possible, has become so high that even the highest and most capable exploit developers… give up on Apple and switch to more attackable platforms” —[153:54 Steve Gibson]
Notable Timestamps
- 00:54 Propeller hat alert; main theme intro.
- 14:06 Bitcoin ATM lawsuit and scam statistics.
- 22:55 Uvalde ransomware attack & security training realism.
- 32:24 Jaguar Land Rover ransomware: supply chain economic crisis.
- 39:12 Regulatory segment: chat control, Russia, and Samsung WhatsApp chain attacks.
- 50:54 UK school hacks and student motivation.
- 54:46 Supply chain attack on HackerOne via Salesforce/AI chatbot.
- 65:33 Amsterdam’s hacked washing machines.
- 80:02 Bluesky’s conditional age verification.
- 115:04 MIE segment starts: A19 announcement and scale of Apple’s work.
- 141:06 MIE technical deep dive; summary of protections.
- 149:12 How 4-bit tags defeat overflows/use-after-free.
- 158:29 Will MIE stop even nation-state attackers?
- 163:00 Podcast wrap and reminiscing.
Summary
Security Now #1043 provides both an extraordinary technical education and a comprehensive current affairs overview. Steve Gibson continues to push the discussion on enterprise/organizational hardening, the futility of vulnerability training alone, and the continuing rise of supply chain risks—in parallel, he delivers one of his most in-depth explanations ever of hardware-based security advances. Apple’s new Memory Integrity Enforcement, the result of five years’ work, represents a “take-no-prisoners” stance on memory safety that could cut off nearly all attack vectors used by advanced, state-sponsored hackers. This episode is essential listening (or reading) for anyone who cares about the future of computing security—or simply wants to know why their iPhone (and the rest of the industry) is about to get a lot harder to hack.