Apple’s work on hardening the memory allocator has made it harder for attackers to exploit certain classes of software vulnerabilities on iOS and Mac devices, the company’s security engineers wrote on a new website Apple launched to share technical details behind iOS and macOS security technologies.
The new initiative, Apple Security Research, also offers tools to help security researchers report issues to Apple, get real-time status updates for submitted reports, communicate securely with Apple engineers investigating the issue, and provides information about the Apple Security Bounty program. The intent behind the new security hub is to share with the research community how Apple engineers approach security challenges, and also to invite researcher contributions and feedback.
Memory safety is a key area of focus, especially since memory safety violations are the most widely exploited class of software vulnerabilities. On Apple platforms, improving memory safety includes “finding and fixing vulnerabilities, developing with safe languages, and deploying mitigations at scale,” the engineers wrote in a technical post on XNU memory safety.
XNU is the kernel at the core of iPhones, iPads, and Macs.
Much of the code running on the iPhone, iPad, and Mac was written in “memory-unsafe” programming languages, which means the languages themselves don’t prevent memory safety violations, and developers can inadvertently and unknowingly violate memory safety rules while writing code, the researchers wrote. Those issues can be exploited by attackers to crash software, execute unauthorized commands, and harvest sensitive information.
It is infeasible to rewrite large amounts of existing code using memory-safe languages, so “improving memory safety is an important objective for engineering teams across the industry,” the engineers wrote.
Apple laid the groundwork for the hardened memory allocator kalloc_type back in iOS 14 when it introduced kheaps, the data split, and virtual memory sequestering. Apple added randomized bucketed type isolation to the zone allocator when it introduced kalloc_type in iOS 15. With the release of iOS 16 and macOS Ventura, the hardened allocator is now available on all the systems using the XNU kernel.
“Our fundamental strategy is to design an allocator that makes exploiting most memory corruption vulnerabilities inherently unreliable,” the researchers wrote. “This limits the impact of many memory safety bugs even before we learn about them, which improves security for all users.”
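To make the strategy quoted above concrete, here is an added example that is not Apple’s or XNU’s code: a toy C simulation of a fixed-size zone allocator, contrasting a size-only zone shared by every type with one zone per type (a simplified stand-in for kalloc_type’s bucketed type isolation; the randomized grouping of types into buckets is omitted). It shows why a dangling pointer to a freed object of one type can no longer be made to alias a live object of a different type, which is what makes many use-after-free bugs unreliable to exploit.

```c
#include <stdio.h>
#include <stddef.h>

/* Two unrelated object types that happen to share a size class (constructed). */
typedef struct { char data[32]; } ObjA;
typedef struct { void (*handler)(void); char pad[24]; } ObjB;

#define SLOTS 8
#define SLOT_SIZE 32

/* A zone: fixed-size slots plus a LIFO free list, like a simplified kernel zone. */
typedef struct {
    unsigned char slots[SLOTS][SLOT_SIZE];
    int free_list[SLOTS];
    int n_free;
} Zone;

static void zone_init(Zone *z) {
    z->n_free = SLOTS;
    /* Push indices so that the first pop returns slot 0. */
    for (int i = 0; i < SLOTS; i++) z->free_list[i] = SLOTS - 1 - i;
}

static void *zone_alloc(Zone *z) {
    return z->n_free ? z->slots[z->free_list[--z->n_free]] : NULL;
}

static void zone_free(Zone *z, void *p) {
    /* LIFO reuse: the slot just freed is the next one handed out. */
    z->free_list[z->n_free++] = (int)(((unsigned char *)p - &z->slots[0][0]) / SLOT_SIZE);
}

static Zone shared_zone;      /* size-only allocator: one zone for all 32-byte types */
static Zone zone_a, zone_b;   /* type-isolated allocator: one zone per (size, type) */

/* Returns 1 if a dangling ObjA pointer ends up aliasing a freshly allocated ObjB. */
int uaf_aliases_other_type(int type_isolated) {
    Zone *za = type_isolated ? &zone_a : &shared_zone;
    Zone *zb = type_isolated ? &zone_b : &shared_zone;
    zone_init(za);
    if (type_isolated) zone_init(zb);
    ObjA *a = zone_alloc(za);
    zone_free(za, a);          /* a is now a dangling pointer */
    ObjB *b = zone_alloc(zb);  /* an ObjB allocated right after the free */
    return (void *)a == (void *)b;
}

int main(void) {
    printf("shared zone: freed ObjA reused as ObjB? %d\n", uaf_aliases_other_type(0));
    printf("type-isolated zones: freed ObjA reused as ObjB? %d\n", uaf_aliases_other_type(1));
    return 0;
}
```

In the shared zone the freed ObjA slot is immediately handed back as an ObjB, so a stale ObjA pointer now overlaps a function pointer; with per-type zones the same free can only be satisfied by a later ObjA allocation.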
In Apple’s update on its bounty program, the company said it has awarded close to $20 million to security researchers over the past two-and-a-half years since the program was launched. While average payouts are around $40,000 in the product category, the company has paid 20 separate rewards over $100,000 for high-impact issues. Evaluation criteria researchers need to meet in order to collect bounties are available on Apple Security Research.