Affects Apple iPhones and Macs with A and M-Series CPUs: Uncovering the Latest Safari Exploit

    A team of academics has uncovered a side-channel attack they named iLeakage. This attack jeopardizes the A- and M-series CPUs in Apple iOS, iPadOS, and macOS devices, extracting sensitive details from the Safari browser.

    Researchers Behind the Discovery
    Jason Kim, Stephan van Schaik, Daniel Genkin, and Yuval Yarom detailed their findings in a study. They showed how inducing Safari to display a specific webpage can lead to the exploitation of speculative execution. This exploitation allows attackers to pull sensitive data from the content displayed.

    Potential Risks
    Attackers could harness this vulnerability to view Gmail inbox content. They might even discover passwords that credential managers autofill via a harmful webpage.

    Understanding iLeakage
    iLeakage marks the first time researchers have seen a Spectre-style speculative execution attack on Apple Silicon CPUs. Apple’s policy mandates browser vendors to use Safari’s WebKit engine. As a result, all third-party web browsers for iOS and iPadOS are vulnerable.

    Vulnerability Details
    On September 12, 2022, Apple learned about this vulnerability. All Apple devices with A-series and M-series ARM processors from 2020 onwards are at risk. Malicious JavaScript and WebAssembly code in a webpage can stealthily read the content of a target website when a user lands on an attacker’s page.

    Exploiting Speculative Execution
    Speculative execution, a performance-boosting feature in modern CPUs, lets these CPUs process program instructions out of sequence. It predicts a program’s route and tentatively follows that path. When it predicts incorrectly, it leaves cache traces behind.

    Attacks like Spectre use these wrong predictions. They trick CPUs into leaking a user’s private information through a side channel by forcing CPUs to make faulty predictions. Attackers can then see data linked to another program, overriding isolation defenses.

    iLeakage Mechanics
    The iLeakage attack sidesteps Apple’s defenses. It employs a method that doesn’t need timers and works across architectures. This approach exploits race conditions to differentiate between cache hits and misses when the attacker and target processes share a CPU.

    Broader Implications
    This method sets up a secret channel that lets an attacker read anywhere in Safari’s rendering process, causing data leaks. Though exploiting this vulnerability in real-life scenarios requires deep technical knowledge, it underscores the persistent danger of hardware vulnerabilities.

    Continued Hardware Threats
    The announcement of iLeakage follows the disclosure of three other side-channel attacks: Collide+Power, Downfall, and Inception. All three can leak sensitive data from up-to-date CPUs. The discovery of RowPress, a RowHammer attack variant on DRAM chips, further stresses the importance of staying alert to hardware vulnerabilities.

    Latest articles

    Related articles