
Memory Integrity Enforcement

(security.apple.com)
458 points by circuit | 1 comment
tptacek No.45186809
Both approaches revealed the same conclusion: Memory Integrity Enforcement vastly reduces the exploitation strategies available to attackers. Though memory corruption bugs are usually interchangeable, MIE cut off so many exploit steps at a fundamental level that it was not possible to restore the chains by swapping in new bugs. Even with substantial effort, we could not rebuild any of these chains to work around MIE. The few memory corruption effects that remained are unreliable and don’t give attackers sufficient momentum to successfully exploit these bugs.

This is great, and a bit of a buried lede. Some of the economics of mercenary spyware depend on chains with interchangeable parts, and countermeasures targeting that property directly are interesting.

replies(3): >>45188753 #>>45190761 #>>45191353 #
commandersaki No.45190761
RIP Vigilant Labs

Okay, a bit drastic; I don’t really know if this will affect them.

replies(1): >>45191014 #
tptacek No.45191014
I think they're going to print money hats, but we'll see. Remember: there isn't a realistic ceiling on what NATO-friendly intelligence and law enforcement agencies will pay for this technology; it competes with human intelligence, which is nosebleed expensive.