I had an interesting convo with @matthew_d_green about it. Apple's Memory Integrity Enforcement (MIE) raise the cost of zero-day exploits, but by how much? MIE stops a huge swath of exploits that target unsafe memory handling. It's impressive and required new hardware features.

Matt took the conventional (and likely right) take: MIE should increase the cost of zero-days substantially. When a single exploit chain already costs ~$5 million, a defense like MIE might double the price or more by eliminating whole sets of techniques.

But what if the real cost driver is not the technical complexity of each exploit, but human resources. Suppose there are maybe 5 teams worldwide can actually productize a vuln into a stable exploit. MIE raises the bar for them, but does it slow them down much after they adapt?

First, let's get this out of the way: MIE isn't foolproof. I'm told it does not cover memory access/data from other hardware in the phone, like the baseband modem. Plus, there are some known (though tricky) bypasses for normal code. See Project Zero's blog

As Thomas Dolan said, malware is a "weird machine." MIE breaks some tools for building malware. But if the tiny number of brilliantly weird folks who build these machines are the real bottleneck, then, if they can adapt to MIE, the cost of exploits may not change that much.

As Thomas Dullien said, malware is a "weird machine." MIE breaks some tools for building malware. But if the tiny number of brilliantly weird folks who build these machines are the real price bottleneck, then, if they adapt to MIE, the cost of exploits may not change that much.