Apple's deployment of **Memory Tagging Extension** (MTE) across iOS represents a fundamental shift in mobile platform memory safety. This talk provides a comprehensive technical analysis of how MTE is integrated throughout the iOS memory management stack, from kernel zone allocators to userland heap implementations.
We'll explore the technical architecture of MTE-enabled allocators, tracing their implementation from the kernel level to userland components like libmalloc's new secured allocator (**XZone**). Attendees will gain a detailed understanding of when and where MTE protection is active, which system components leverage it, and the practical implications for security researchers analyzing iOS memory management.
This presentation equips researchers with both the knowledge and tooling necessary to understand and analyze modern iOS memory protection mechanisms, providing a foundation for future security research on MTE-protected Apple platforms.
Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, participate at Pwn2Own and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA/EU, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.
Atlan Pinabel is employed as a security researcher and iOS team leader at FuzzingLabs, where his primary focus is on empowering FuzzForge with iOS knowledge and tooling, while also providing top-notch iOS trainings.
