ios icon indicating copy to clipboard operation
ios copied to clipboard
verified publisher icon nextcloud

Opt-in to Arm MTE / MIE

Open thgoebel opened this issue 3 months ago • 0 comments

How to use GitHub

  • Please use the 👍 reaction to show that you are interested into the same feature.
  • Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
  • Subscribe to receive notifications on status change and new comments.

Feature request

Opt in to Arm MTE aka Memory Integrity Enforcement (MIE.

MTE is an easy security improvement (at least for users with iPhone 17, which have the hardware for MTE). To do so, you need to set the appropriate entitlement: https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app

Nextcloud parses potentially attacker controlled data, so enabling MTE/MIE is an easy defense-in-depth.

Important: before enabling MIE in production, you need to thoroughly test on an iPhone 17 that there are no crashes! If there are crashes "caused" by MTE, these need to be fixed. Note that these crashes are present even without MTE, MTE just makes them visible. So MTE is also a useful bug finding tool.

For background on MTE/MIE, see:

  • Apple announcement: security.apple.com/blog/memory-integrity-enforcement/
  • iOS docs: https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app
  • My blog post :innocent: : https://thore.io/posts/2025/09/introduction-to-arm-memory-tagging-extensions/

For Nextcloud Files for Android I made a PR: https://github.com/nextcloud/android/pull/15661

thgoebel avatar Sep 19 '25 09:09 thgoebel