Data integrity

The tangle is network bound instead of computing bound. So its main bottlenecks are routers and firewalls, rather than mining rigs and hashpower. The attacker would have to be omnipresent in the network to amass sufficient weight.

Tangle deals in probabilities. There is no global consistency in the tangle. There is eventual consistency. This is related to the CAP theorem. If your transaction is referenced directly or indirectly by every new transaction then it can be considered "confirmed" with high likelihood. Source

When a full node is asked to provide tips to a light node to create a transaction, the full node will walk backwards along the edges of the DAG to the genesis transaction and check if there are any conflicting transactions along the way. If there is then that tip is discarded. If there isn't then the tip is considered valid. Source

So full nodes are constantly being asked to provide branch and trunk tips to light nodes for bundling purposes and will only select tips free of conclict. The attacker will try and do the same with his double-spend and has to find a way to overwhelm the entire network's influx.

Pruning mechanism