In a recent study, a group of academics has introduced iLeakage, a groundbreaking side-channel attack exploiting a vulnerability in Apple’s A- and M-series CPUs, affecting iOS, iPadOS, and macOS devices. This attack enables the extraction of sensitive information from the Safari web browser.
Researchers, including Jason Kim and Stephan van Schaik, discovered that attackers can induce Safari to render a webpage and then extract sensitive information from it through speculative execution. This method, the first of its kind against Apple Silicon CPUs, works not only on Safari but also on all third-party web browsers for iOS and iPadOS, because Apple’s App Store policy requires those browsers to use Safari’s browser engine.
Understanding iLeakage
The heart of the problem lies in speculative execution, a performance optimization mechanism in modern CPUs. Speculative execution was also the focus of previous vulnerabilities like Spectre, but iLeakage takes a timer-less and architecture-agnostic approach, using race conditions to distinguish cache hits from cache misses.
iLeakage not only gets past Apple’s hardening measures but also establishes a covert channel based on a gadget that achieves an out-of-bounds read in Safari’s rendering process, resulting in information leakage. The attack bypasses isolation protections, which shows how sophisticated it is.
Gmail Inbox and Autofilled Passwords at Risk of iLeakage
In a practical scenario, this weakness could be exploited using a malicious webpage to recover Gmail inbox content and even extract passwords autofilled by credential managers, highlighting the severity of the vulnerability.
Apple was alerted to these findings on September 12, 2022. The vulnerability affects all Apple devices released from 2020 that are powered by A-series and M-series ARM processors.
Real-World Threats and Ongoing Hardware Vulnerabilities
While the likelihood of practical real-world attacks is low due to the required technical expertise, the iLeakage research underscores the persistent threats posed by hardware vulnerabilities. This revelation follows a series of side-channel attacks and the discovery of RowPress, emphasizing the ongoing challenges in securing hardware despite advancements in cybersecurity.
In a landscape where hardware vulnerabilities continue to surface, the iLeakage revelation reinforces the importance of vigilant cybersecurity practices and the need for ongoing efforts to address potential threats to user data and privacy.