MIE Soft Mode

30 January 2026

I wrote previously that I was having difficulty making Apple's Memory Integrity Enforcement feature do what it says on the tin. After getting some help from Eskimo on the developer forums I'm pleased to report that it does work. Somewhat. In its current form it's not as impressive as I hoped, and I feel like there are still some bugs lurking.

The thing that tripped me up most is that we're not allowed to use "hard mode" yet. This means it's impossible to reproduce exactly what was demoed in Apple's video. It turns out this was called out in the Xcode 26.1.1 release notes, which I guess I should be reading if I want to play with brand new features:

When enabling Hardware Memory Tagging under Enhanced Security (Capabilities editor -> Enhanced Security -> Memory Safety -> Enable Hardware Memory Tagging), all applications will currently run under Soft Mode irrespective of the Soft Mode for Memory Tagging option.

What this means in normal English is that, for now, MIE will not actually protect anything in your app unless you're running under the Xcode debugger with a special setting enabled. It will observe the memory corruption, allow it to proceed, and log a fake crash report with the backtrace. This is not completely terrible—as a developer you will at least be able to find out when corruption is occurring so you can put out a fix. Sadly, we're not yet at the promise of "your phone would sooner terminate the app than allow memory corruption to occur", which is what you actually want for protection from malicious parties. Watch this space, I guess.

Even this new information doesn't fully explain what I saw a couple of weeks ago, however. When I was launching the app outside the debugger I had tonnes of crash reports accumulating on my phone but I didn't see any MTE ones. This was partly my oversight: once I had followed Eskimo's instructions to produce a valid simulated crash and knew exactly what it looked like, I trawled through carefully one at a time and found that I had previously triggered soft mode in two cases, in amongst a deluge of regular memory corruption crashes where it seemed MTE wasn't active at all. I'm not surprised I was confused. When I went back to my original app yesterday, and soft mode worked, I hadn't changed a single thing. My macOS, iOS and Xcode are still on the same versions.

So, who knows? Maybe there's an intermittent bug registering the entitlements properly. In any case I think I'm done playing with MIE for now. It's a neat feature. I hope everyone finds lots of bugs with it, and we get true hard mode soon.

Serious Computer Business Blog by Thomas Karpiniec
Posts RSS, Atom