Big quote: Apple has often claimed that its apps, services, and hardware devices offer better privacy than competing products from Google, Microsoft, Samsung, and other tech giants. The company has now gone one step further and publicly boasted that no successful, widespread malware attack has ever affected the iPhone.
Apple noted in a recent blog post that the only system-level attacks targeting iOS have been mercenary spyware, which are historically associated with state actors. These attacks typically use exploit chains executed by sophisticated hacking syndicates with massive financial backing.
Despite the relative safety iOS offers users, Apple is further fortifying its mobile platform with always-on memory-safety protection in the iPhone 17 lineup and iPhone Air. Memory Integrity Enforcement (MIE) is a hardware-based security system designed to protect against advanced mercenary spyware by defending against memory corruption vulnerabilities. Apple claims it is the world's first-ever protection mechanism covering a range of key attack surfaces, including the kernel and more than 70 user-space processes.
The company tested the new security protocol against sophisticated mercenary spyware attacks from the past three years. It concluded that the system will make exploit chains more expensive and problematic to develop and maintain, reducing the likelihood of successful attacks. Apple adds that the mechanism will also disrupt the most effective twenty-first-century exploitation techniques by limiting attackers' ability to exploit memory corruption vulnerabilities on iPhones.
Apple's claim that iPhones are relatively immune to hacking is mostly accurate, though the reality is more nuanced. The distinction between "widespread malware" and highly targeted threats holds some weight, as mercenary spyware attacks typically target a small number of high-profile users and do not affect regular consumers.
State-sponsored actors used the infamous Pegasus spyware to carry out one of the biggest attacks against iPhone users in 2016. The hack exploited iOS vulnerabilities to target journalists, politicians, and human rights activists in several countries over the past decade.
Apple has also faced multiple security breaches, including the infamous 'Celebgate' incident in 2014, when attackers leaked private photos and videos of dozens of celebrities online. Investigators from Apple and the FBI determined that the hackers primarily gained access through targeted phishing attacks and a vulnerability in Find My Phone. Apple has since patched the flaw.
There has never been a successful, widespread malware attack against iPhone, claims Apple
