October 26, 2023 at 07:32AM
Researchers have developed a new side-channel attack called iLeakage that can extract sensitive information from Safari on Apple devices. It bypasses standard side-channel protections and can retrieve data from Safari, Firefox, Tor, and Edge on iOS with near-perfect accuracy. The attack exploits speculative execution in Apple Silicon CPUs and requires advanced knowledge of browser-based side-channel attacks. Apple has provided mitigations for macOS, but the attack underscores the speculative execution risks on emerging ARM-based platforms.
The main points are as follows:
1. Academic researchers have created a new speculative side-channel attack named iLeakage that can extract sensitive information from the Safari web browser on all recent Apple devices.
2. iLeakage is the first demonstration of a speculative execution attack against Apple Silicon CPUs and the Safari browser. It also works against other browsers on iOS, such as Firefox, Tor, and Edge.
3. The attack bypasses standard side-channel protections implemented by browser vendors.
4. The researchers focused on stealing sensitive information from Safari and were able to do so by implementing a timerless and architecture-agnostic method based on race conditions.
5. They defeated the side-channel protections implemented by Apple in its browser, such as the low-resolution timer, compressed 35-bit addressing, and value poisoning.
6. The researchers also bypassed the site isolation policy in Safari.
7. The attack uses JavaScript and WebAssembly for the proof-of-concept code.
8. iLeakage exploits speculative execution in Apple Silicon chips, which can cause data leaks.
9. The attack impacts all Apple devices released from 2020 that are powered by Apple’s A-series and M-series ARM processors.
10. The attack is difficult to carry out and requires advanced knowledge of browser-based side-channel attacks and Safari’s implementation.
11. Apple has developed mitigations for macOS, including enabling Safari’s hidden debug menu and activating ‘Swap Processes on Cross-Site Window Open’ in the debug settings.
12. The research highlights potential speculative execution risks in emerging ARM-based platforms.