"Apple Launches New Security Research Hub"

Apple's efforts to strengthen the memory allocator have made it more difficult for attackers to exploit certain types of software vulnerabilities on iOS and Mac devices, according to a new website Apple launched to share technical details behind iOS and macOS security technologies. Apple Security Research is a new initiative that provides tools to help security researchers report issues to Apple, receive real-time status updates for submitted reports, communicate securely with Apple engineers investigating the issue, and learn more about the Apple Security Bounty program. The goal of the new security hub is to share Apple engineers' approach to security challenges with the research community, as well as to invite researcher contributions and feedback. Memory safety is an important area of focus, particularly because memory safety violations are the most commonly exploited class of software vulnerabilities. According to the engineers in a post about XNU memory safety, improving memory safety on Apple platforms includes finding and fixing vulnerabilities, developing with safe languages, and deploying mitigations at scale. The kernel at the heart of iPhones, iPads, and Macs is XNU. The researchers revealed that much of the code running on the iPhone, iPad, and Mac was written in "memory-unsafe" programming languages, meaning they do not prevent memory safety violations, and developers can inadvertently and unknowingly violate memory safety rules while writing code. Attackers can use these flaws to crash software, execute unauthorized commands, and steal sensitive information. Rewriting large amounts of existing code in memory-safe languages is impossible, so improving memory safety is an important goal for engineering teams across the industry. This article continues to discuss Apple's new security hub and some details about the company's work on memory safety features.

Dark Reading reports "Apple Launches New Security Research Hub"

Submitted by Anonymous on