    Memory Integrity Enforcement

    (security.apple.com)
    458 points circuit | 12 comments
    1. superkuh ◴[] No.45188404[source]
    This is the opposite of fun computing. This is commercial computing whose only use case is making sure that people can send/receive money through their computers securely. I love being able to peek/poke inside and look at my processes' RAM, or patch the memory of an executable. All this sounds pretty impossible on Apple's locked down systems.

    They're not so much general purpose computers anymore as they are locked down bank terminals.

    replies(5): >>45188497 #>>45188820 #>>45189281 #>>45189649 #>>45196686 #
    2. user3939382 ◴[] No.45188497[source]
    Bingo. None of this is for users. Apple somehow managed to put on a marketing mask of user respect when they’re at least as user abusive as anyone else.
    replies(2): >>45188809 #>>45192219 #
    3. astrange ◴[] No.45188809[source]
    https://www.theguardian.com/news/2022/jan/17/two-female-acti...
    replies(1): >>45193917 #
    4. astrange ◴[] No.45188820[source]
    If you like using debuggers, don't worry, MTE gives you a lot more chances to use them since it finds a lot more crashes. It doesn't stop you writing to memory though, as long as it's the correct type.

    PAC may stop you from changing values - or at least you'd have to run code in the process to change them.

    5. b_e_n_t_o_n ◴[] No.45189281[source]
    I think if you want to tinker with hardware, you shouldn't buy Apple. It's designed for people who use it as a means to an end, and I think that's a good thing for most people (including me). I want to bank on hardware that I can trust to be secure. Nothing wrong with building your own Linux box for play time though.
    6. nine_k ◴[] No.45189649[source]
    It's all fun and games until somebody else patches the RAM of your device, and sends your money away from your account.

    More interesting is how to trace and debug code on such a CPU. Because what a debugger often does is exactly patching an executable in RAM, peeks and pokes inside, etc. If such an interface exists, I wonder how it is protected; do you need extra physical wires like JTAG? If it does not, how do you even troubleshoot a program running on the target hardware?

    replies(1): >>45190429 #
    7. saagarjha ◴[] No.45190429[source]
    You disable mitigations for those processes.
    8. pparanoidd ◴[] No.45192219[source]

       >None of this is for users
    
    Your hatred for Apple has made you genuinely delusional
    replies(1): >>45194233 #
    9. bigyabai ◴[] No.45193917{3}[source]
    It's detestable how Apple handled the aftermath of this: https://en.wikipedia.org/wiki/FORCEDENTRY

      In November 2021, Apple Inc. filed a complaint against NSO Group and its parent company Q Cyber Technologies in the United States District Court for the Northern District of California in relation to FORCEDENTRY, requesting injunctive relief, compensatory damages, punitive damages, and disgorgement of profits but in 2024 asked the court to dismiss the lawsuit.
    
    The perpetrators were caught red-handed and let go by Apple! This crime can, will, and has continued to happen due to the negligence of Apple's leadership. No doubt influenced by Tim Cook's obligation to the White House and their friends.
    replies(1): >>45194645 #
    10. user3939382 ◴[] No.45194233{3}[source]
    A company who cared about users instead of its own profits wouldn’t do any of the things Apple does. Who’s really the naive one here?
    11. saagarjha ◴[] No.45194645{4}[source]
    If I remember correctly the Israeli government stepped in and seized all the material that Apple could use in the lawsuit, so there was no point in continuing.
    12. snowwrestler ◴[] No.45196686[source]
    It’s a shame you’re getting downvoted because I think you’re correct, and this is a perfectly valid opinion to hold.

    I would respond by saying that sometimes I actually want a locked-down bank terminal (when I’m banking for example), and I appreciate the opportunity to buy one.

    Computing hardware in general is way less expensive and more abundant than it used to be, so there are still many options in the marketplace for people to peek and poke into.