2026-01-16 03:03:43 UTC
Final on Nostr:

https://projectzero.google/2026/01/pixel-0-click-part-3.html

>We also discovered that kASLR is not effective on Pixel devices, due to a problem that has been known since 2016

KASLR works properly on GrapheneOS right now, unlike arm64 Linux elsewhere.

We fixed the issue of the physical address mapping not being randomized on arm64 Linux for GrapheneOS a while ago. The overall region is in a random location again, including the kernel memory inside of it.

>Apple also recently implemented MIE, a hardware-based memory-protection technology similar to Memory Tagging (MTE), on new devices.

MIE is MTE. It is ARM FEAT_MTE4. It's Apple's branding for MTE with a hardened allocator. Apple stepped forward in supporting MTE by default, unlike stock Pixels.

>While MIE would not prevent the Dolby UDC vulnerability from being exploited in the absence of -fbounds-safety due to UDC using a custom allocator, it would probabilistically hinder an iOS kernel vulnerability similar to the BigWave driver bug from being exploitable. [...] Pixel 8 onwards shipped with MTE, but unfortunately, the feature has not been enabled except for users who opt into Advanced Protection mode, to the detriment of Pixel’s other users.

I don't think I need to mention which OS enables MTE by default for the majority of OS components and makes it toggleable for user-installed apps, unlike the stock OS.
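The two points in the quoted Project Zero text, that MTE would only "probabilistically hinder" a bug like the BigWave one and would not help against the Dolby UDC bug because UDC uses its own allocator, are easier to see with a toy model. The C program below is an added example and is not code from this post, from Project Zero, Apple or GrapheneOS; it does not touch real MTE hardware. It simulates 4-bit tags on 16-byte granules in software with invented names (sim_alloc, sim_free, mte_store8, mte_load8 and the demo_* functions), gives each allocation a random tag that differs from both neighbouring granules, and retags memory on free. The neighbour-exclusion and retag-on-free rules are assumptions standing in for "a hardened allocator"; they are not a description of any specific vendor's implementation.

```c
/* Toy software model of MTE-style tag checking. This is an added illustration, not real
 * hardware MTE and not Apple's (MIE) or GrapheneOS's allocator; all names are invented. */
#include <stdint.h>
#include <string.h>

#define GRANULE   16                        /* MTE tags memory in 16-byte granules */
#define HEAP_SIZE 4096
#define NGRAN     (HEAP_SIZE / GRANULE)
typedef uint64_t tptr;                      /* tagged pointer model: 4-bit tag in the top byte */

static uint8_t  heap[HEAP_SIZE];
static uint8_t  gran_tag[NGRAN];            /* memory tag per granule */
static uint8_t  gran_free[NGRAN];
static uint32_t rng_state;

static void sim_heap_init(void) {
    memset(heap, 0, sizeof heap);
    memset(gran_tag, 0, sizeof gran_tag);
    memset(gran_free, 1, sizeof gran_free);
    rng_state = 0x9E3779B9u;                /* fixed seed: runs are reproducible */
}
static uint8_t rand_tag(void) {             /* xorshift32; a real allocator uses a hardware RNG */
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17; rng_state ^= rng_state << 5;
    return rng_state & 0xF;
}
static tptr    make_tptr(size_t off, uint8_t tag) { return ((uint64_t)tag << 56) | off; }
static uint8_t ptr_tag(tptr p) { return (uint8_t)(p >> 56) & 0xF; }
static size_t  ptr_off(tptr p) { return (size_t)(p & 0x00FFFFFFFFFFFFFFull); }

/* The "hardware" side: an access faults unless the pointer tag equals the granule tag. */
static int mte_check(tptr p) {
    size_t off = ptr_off(p);
    return (off < HEAP_SIZE && ptr_tag(p) == gran_tag[off / GRANULE]) ? 0 : -1;
}
static int mte_store8(tptr p, uint8_t v) { if (mte_check(p)) return -1; heap[ptr_off(p)] = v; return 0; }
static int mte_load8(tptr p, uint8_t *v) { if (mte_check(p)) return -1; *v = heap[ptr_off(p)]; return 0; }

/* Allocator model: first-fit over granules. The tag is random but never equal to either
 * neighbouring granule's tag, so a linear overflow always crosses a tag boundary. */
static tptr sim_alloc(size_t size) {
    size_t n = size ? (size + GRANULE - 1) / GRANULE : 1;
    for (size_t g = 0; g + n <= NGRAN; g++) {
        size_t k = 0;
        while (k < n && gran_free[g + k]) k++;
        if (k < n) { g += k; continue; }    /* granule g+k is in use; resume after it */
        uint8_t left  = g > 0         ? gran_tag[g - 1] : 0xFF;
        uint8_t right = g + n < NGRAN ? gran_tag[g + n] : 0xFF;
        uint8_t tag;
        do { tag = rand_tag(); } while (tag == left || tag == right);
        for (size_t i = 0; i < n; i++) { gran_free[g + i] = 0; gran_tag[g + i] = tag; }
        return make_tptr(g * GRANULE, tag);
    }
    return (tptr)~0ull;                     /* out of memory: any access to it faults */
}
/* Free retags the chunk with a different random tag, so stale pointers stop matching. */
static int sim_free(tptr p) {
    if (mte_check(p)) return -1;            /* wild or double free faults as well */
    size_t g = ptr_off(p) / GRANULE;
    uint8_t old = gran_tag[g], tag;
    do { tag = rand_tag(); } while (tag == old);
    for (size_t i = g; i < NGRAN && !gran_free[i] && gran_tag[i] == old; i++) {
        gran_free[i] = 1; gran_tag[i] = tag;
    }
    return 0;
}

/* 1. Linear overflow from one allocation into the next: caught every time. Returns 1 if caught. */
static int demo_overflow_caught(void) {
    sim_heap_init();
    tptr a = sim_alloc(16), b = sim_alloc(16); (void)b;
    if (mte_store8(a + 15, 0x41) != 0) return 0;   /* last in-bounds byte must succeed */
    return mte_store8(a + 16, 0x41) != 0;          /* first byte of b: tag mismatch */
}
/* 2. Use-after-free straight after free: caught, because free retagged the memory. */
static int demo_uaf_caught(void) {
    sim_heap_init();
    tptr a = sim_alloc(32); uint8_t v;
    sim_free(a);
    return mte_load8(a, &v) != 0;
}
/* 3. Stale pointer after the slot has gone to a new owner: only probabilistic. The new tag is drawn
 * from the 4-bit values not used by the neighbours, so roughly 1 in 14 dangling accesses slip through. */
static int demo_stale_reuse_survivals(int trials) {
    sim_heap_init();
    tptr left = sim_alloc(16), victim = sim_alloc(16), right = sim_alloc(16), cur = victim;
    int survived = 0; (void)left; (void)right;
    for (int i = 0; i < trials; i++) {
        uint8_t v;
        sim_free(cur);
        cur = sim_alloc(16);                /* first-fit hands the victim's slot to a new owner */
        if (mte_load8(victim, &v) == 0) survived++;
    }
    return survived;                        /* number of undetected stale accesses */
}
/* 4. A custom allocator carving sub-objects out of one tagged chunk: the sub-objects share a
 * tag, so an overflow from the first into the second is NOT caught. Returns 1 if caught. */
static int demo_suballocator_caught(void) {
    sim_heap_init();
    tptr chunk = sim_alloc(64), obj0 = chunk, obj1 = chunk + 32; (void)obj1;
    return mte_store8(obj0 + 32, 0x41) != 0;       /* lands in obj1, same tag: succeeds */
}
```

Demos 1 and 2 are the cases a hardened allocator makes deterministic: adjacent chunks never share a tag, and freed memory is retagged. Demo 3 is the "probabilistic" part the Project Zero text refers to: once the slot has a new owner, a dangling pointer matches whenever the 4-bit tag happens to collide, which is why a use-after-free stays exploitable with some probability per attempt. Demo 4 is the UDC-style case: a sub-allocator that hands out pieces of a single tagged chunk gives every piece the same tag, so the hardware check never fires between them. Real MTE does provide tag-setting instructions, so a custom allocator can retag its own sub-allocations, but only if it is written to do so.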