--- libmalloc/libmalloc-521.120.7/src/malloc_common.h
+++ libmalloc/libmalloc-792.60.6/src/malloc_common.h
@@ -86,6 +86,27 @@
MALLOC_NOEXPORT
extern malloc_zero_policy_t malloc_zero_policy;
+#if !MALLOC_TARGET_EXCLAVES && !MALLOC_TARGET_EXCLAVES_INTROSPECTOR
+#if CONFIG_CHECK_PLATFORM_BINARY
+MALLOC_NOEXPORT
+extern bool malloc_is_platform_binary;
+#endif
+
+MALLOC_NOEXPORT
+bool
+_malloc_is_platform_binary(void);
+
+MALLOC_NOEXPORT
+extern bool malloc_internal_security_policy;
+
+#if !__has_feature(bounds_safety)
+MALLOC_NOEXPORT
+bool
+_malloc_allow_internal_security_policy(const char *envp[]);
+#endif
+
+#endif // !MALLOC_TARGET_EXCLAVES && !MALLOC_TARGET_EXCLAVES_INTROSPECTOR
+
MALLOC_NOEXPORT
unsigned
malloc_zone_batch_malloc_fallback(malloc_zone_t *zone, size_t size,
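Review bot: The new `_malloc_allow_internal_security_policy(const char *envp[])` declaration takes the process environment as input, but nothing in the header says under which conditions environment-derived values are honoured. The environment is controlled by whoever launches the process, so the precondition belongs on the declaration, for example `// envp is launcher-controlled; state here which processes may have it honoured` (presumably tied to `_malloc_is_platform_binary()`, to be confirmed against the definition). `malloc_internal_security_policy` would also benefit from a one-line comment saying what it gates and whether it is expected to stay fixed after initialisation. It is also unclear what `_malloc_is_platform_binary()` returns when `CONFIG_CHECK_PLATFORM_BINARY` is 0, since the backing variable is compiled out while the function is still declared. The trailing `malloc_zone_batch_malloc_fallback` declaration continues outside the hunk.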
@@ -129,20 +150,10 @@
MALLOC_PROCESS_QUICKLOOK_THUMBNAIL_SECURE,
MALLOC_PROCESS_QUICKLOOK_PREVIEW,
MALLOC_PROCESS_QUICKLOOK_THUMBNAIL,
-
- MALLOC_PROCESS_TELNETD,
- MALLOC_PROCESS_SSHD,
- MALLOC_PROCESS_SSHD_KEYGEN_WRAPPER,
- MALLOC_PROCESS_BASH,
- MALLOC_PROCESS_DASH,
- MALLOC_PROCESS_SH,
- MALLOC_PROCESS_ZSH,
- MALLOC_PROCESS_PYTHON3,
- MALLOC_PROCESS_PERL,
- MALLOC_PROCESS_SU,
- MALLOC_PROCESS_TIME,
- MALLOC_PROCESS_FIND,
- MALLOC_PROCESS_XARGS,
+#if TARGET_OS_OSX
+ MALLOC_PROCESS_QUICKLOOK_UISERVICE,
+ MALLOC_PROCESS_QUICKLOOK_MACOS,
+#endif // TARGET_OS_OSX
// Browser
MALLOC_PROCESS_BROWSER,
@@ -161,12 +172,94 @@
MALLOC_PROCESS_COMMCENTER,
MALLOC_PROCESS_WIFIP2PD,
MALLOC_PROCESS_WIFIANALYTICSD,
+
+#if TARGET_OS_OSX
+ MALLOC_PROCESS_SAFARI,
+ MALLOC_PROCESS_SAFARI_SUPPORT,
+ MALLOC_PROCESS_VTDECODERXPCSERVICE,
+#endif // TARGET_OS_OSX
+
+#if TARGET_OS_VISION
+ MALLOC_PROCESS_PRESENCED,
+ MALLOC_PROCESS_FACETIME,
+ MALLOC_PROCESS_MANAGEDASSETSD,
+ MALLOC_PROCESS_POLARISD,
+ MALLOC_PROCESS_ARKITD,
+ MALLOC_PROCESS_BACKBOARDD,
+#endif
+
+ MALLOC_PROCESS_REPORTCRASH,
+ MALLOC_PROCESS_AUDIOCONVERTERSERVICE,
+
+ MALLOC_PROCESS_HARDENED_HEAP_CONFIG,
+
+ // NOTE: Processes enumerated above this line are considered "security
+ // critical", and will get additional features (guard pages, more pointer
+ // buckets, etc) if the secure allocator is enabled. Processes below the
+ // line have identities, but don't get these additional features
+ MALLOC_PROCESS_MAX_SEC_CRITICAL__MARK,
+ MALLOC_PROCESS_MAX_SEC_CRITICAL = MALLOC_PROCESS_MAX_SEC_CRITICAL__MARK - 1,
+
+ // Non security critical processes
MALLOC_PROCESS_AEGIRPOSTER,
MALLOC_PROCESS_COLLECTIONSPOSTER,
+#if TARGET_OS_WATCH
+ MALLOC_PROCESS_BACKBOARDD,
+ MALLOC_PROCESS_CLOCKFACE,
+#endif // TARGET_OS_WATCH
+
+#if TARGET_OS_OSX
+ // Processes that need secure allocator
+ MALLOC_PROCESS_GROUPSESSIONSERVICE,
+ MALLOC_PROCESS_IMTRANSCODERAGENT,
+ MALLOC_PROCESS_KEYCHAINSHARINGMESSAGINGD,
+ MALLOC_PROCESS_MESSAGES,
+ MALLOC_PROCESS_SCREENSHARING,
+
+ // Processes that do not get secure allocator
+ MALLOC_PROCESS_VTENCODERXPCSERVICE,
+#endif
+
+#if TARGET_OS_VISION
+ MALLOC_PROCESS_WAKEBOARDD,
+ MALLOC_PROCESS_REALITYCAMERAD,
+#endif
+
+
MALLOC_PROCESS_COUNT,
} malloc_process_identity_t;
+static MALLOC_INLINE
+bool
+malloc_process_is_security_critical(malloc_process_identity_t identity)
+{
+ return identity > MALLOC_PROCESS_NONE &&
+ identity <= MALLOC_PROCESS_MAX_SEC_CRITICAL;
+}
+
+static MALLOC_INLINE
+bool
+malloc_process_is_security_critical_max_perf(
+ malloc_process_identity_t identity)
+{
+#if TARGET_OS_OSX
+ if (identity == MALLOC_PROCESS_MTLCOMPILERSERVICE) {
+ return true;
+ }
+#elif TARGET_OS_VISION
+ if (identity == MALLOC_PROCESS_ARKITD ||
+ identity == MALLOC_PROCESS_BACKBOARDD) {
+ return true;
+ }
+#endif
+
+ if (identity == MALLOC_PROCESS_HARDENED_HEAP_CONFIG) {
+ return true;
+ }
+
+ return false;
+}
#endif // CONFIG_MALLOC_PROCESS_IDENTITY
typedef enum : unsigned {
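Review bot: `malloc_process_is_security_critical()` classifies purely by enumerator position relative to `MALLOC_PROCESS_MAX_SEC_CRITICAL__MARK`, so an identity added on the wrong side of the marker silently gains or loses guard pages and the other extras, with no build-time signal. The identities named in `malloc_process_is_security_critical_max_perf()` are not checked against that range; if they are meant to be security critical, a guard after the enum such as `MALLOC_STATIC_ASSERT(MALLOC_PROCESS_HARDENED_HEAP_CONFIG <= MALLOC_PROCESS_MAX_SEC_CRITICAL, "max-perf identities must be security critical");` would pin that. The comment `// Processes that need secure allocator` sits below the marker and reads as contradicting the NOTE above it; it should say that these get the secure allocator without the additional features, if that is what is meant. `MALLOC_PROCESS_BACKBOARDD` is above the marker on visionOS and below it on watchOS, which deserves a one-line comment so it is not mistaken for an accidental duplicate. The enum begins before this hunk, and `MALLOC_PROCESS_MTLCOMPILERSERVICE` is not visible in it.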
@@ -216,4 +309,25 @@
MALLOC_STATIC_ASSERT(offsetof(zone_t, wrapped_zone) == WRAPPED_ZONE_OFFSET, \
"malloc_get_wrapped_zone() dependency");
+// This function is used to abort the program when freeing an invalid pointer.
+// Its goal, as the naming indicates, is to provide a clear indication in the
+// call stack that libmalloc is intentionally crashing because the client
+// provided a pointer that was deemed invalid.
+#if CONFIG_MTE
+// When MTE is enabled, this function also validates the logical tag of the
+// pointer, causing the process to crash with a fatal exception (which cannot be
+// caught by the process) if it is invalid.
+#endif
+MALLOC_NOEXPORT MALLOC_NOINLINE
+void
+___BUG_IN_CLIENT_OF_LIBMALLOC_POINTER_BEING_FREED_WAS_NOT_ALLOCATED(
+ int flags,
+ void *__unsafe_indexable ptr);
+
+static MALLOC_INLINE
+void
+malloc_report_pointer_was_not_allocated(int f, void *__unsafe_indexable p) {
+ ___BUG_IN_CLIENT_OF_LIBMALLOC_POINTER_BEING_FREED_WAS_NOT_ALLOCATED(f, p);
+}
+
#endif // __MALLOC_COMMON_H
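Review bot: The comment on `___BUG_IN_CLIENT_OF_LIBMALLOC_POINTER_BEING_FREED_WAS_NOT_ALLOCATED` says it is used to abort the program, but the declaration takes a `flags` argument and carries no noreturn annotation, so a reader cannot tell whether it may return. Callers reach it holding a pointer already judged invalid, so the contract should state whether control can come back and what `flags` selects, for example `// May return when flags do not request an abort; callers must not use ptr afterwards.` (wording to be confirmed against the definition). Wrapping only a comment in `#if CONFIG_MTE` has no effect on the build. A plain sentence beginning "When CONFIG_MTE is set, ..." would be clearer.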