Gianluca Varisco’s Post

"iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs" https://ift.tt/QeYA0P6 Oct 26, 2023NewsroomData Security / Vulnerability A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution," researchers Jason Kim, Stephan van Schaik, Daniel Genkin, and Yuval Yarom said in a new study. In a practical attack scenario, the weakness could be exploited using a malicious web page to recover Gmail inbox content and even recover passwords that are autofilled by credential managers. iLeakage, besides being the first case of a Spectre-style speculative execution attack against Apple Silicon CPUs, also works against all third-party web browsers available for iOS and iPadOS owing to Apple's App Store policy that mandates browser vendors to use Safari's WebKit engine. Apple was notified of the findings on September 12, 2022. The shortcoming impacts all Apple devices released from 2020 that are powered by Apple's A-series and M-series ARM processors. The crux of the problem is rooted in the fact that malicious JavaScript and WebAssembly embedded in a web page in one browser tab can surreptitiously read the content of a target website when a victim visits the attacker-controlled web page. This is accomplished by means of a microarchitectural side-channel that can be weaponized by a malicious actor to infer sensitive information through other variables like timing, power consumption, or electromagnetic emanations. The side channel that forms the basis of the latest attack is a performance optimization mechanism in modern CPUs called speculative execution, which has been the target of several such similar methods since Spectre came to light in 2018. While speculative execution is designed as a way to yield a performance advantage by using spare processing cycles to execute program instructions in an out-of-order fashion when encountering a conditional branch instruction whose direction depends on preceding instructions whose execution is not completed yet. The cornerstone of this technique is to make a prediction as to the path that the program will follow, and speculatively execute instructions along the path. When the prediction turns out to be correct, the task is completed quicker than it would have taken otherwise. But when a misprediction occurs, the results of the speculative execution are abandoned and the processor resumes along the correct path. That said, these erroneous predictions leave behind certain traces in the cache. Attacks like Spectre involve inducing a CPU to speculatively perform operations that would not occur during correct program executio...

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution," researchers Jason Kim, Stephan van Schaik, Daniel Genkin, and Yuval Yarom said in a new study. In a practical attack scenario, the weakness could be exploited using a malicious web page to recover Gmail inbox content and even recover passwords that are autofilled by credential managers. iLeakage, besides being the first case of a Spectre-style speculative execution attack against Apple Silicon CPUs, also works against all third-party web browsers available for iOS and iPadOS owing to Apple's App Store policy that mandates all browser vendors to use Safari's WebKit engine. https://lnkd.in/g2JaeSRH

Just a month into 2024, Apple and Google have already patched their first zero-day flaws of the year. What are these patches? How will it affect you and your devices? WIRED can answer those questions: https://bit.ly/3Uv051o #SecurityPatch #ZeroDayFlaw

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution," researchers Jason Kim, Stephan van Schaik, Daniel Genkin, and Yuval Yarom said in a new study. In a practical attack scenario, the weakness could be exploited using a malicious web page to recover Gmail inbox content and even recover passwords that are autofilled by credential managers. iLeakage, besides being the first case of a Spectre-style speculative execution attack against Apple Silicon CPUs, also works against all third-party web browsers available for iOS and iPadOS owing to Apple's App Store policy that mandates all browser vendors to use Safari's WebKit engine.

🍎 🐛 Researchers have developed a practical attack named #iLeakage that exploits a side channel vulnerability in Apple's A- and M-series CPUs running #iOS and #macOS devices. This attack, based on the speculative execution feature in modern CPUs, allows malicious websites to access sensitive information like passwords, Gmail message content, and more on vulnerable devices. The attack requires extensive reverse-engineering of Apple hardware and expertise in exploiting side channels, which leak secrets based on electromagnetic emanations or data caches. iLeakage operates as a website, using JavaScript to open a separate attacker-controlled site on the victim's device, enabling extraction of sensitive data.

Tired of Clicking On "I Agree" To Use Your Smartphone? No Requirement To Click Away Your Privacy And Security To Use Smartphones, Tablet PCs, Servers, And Laptop PCs Supported By PureOS From Purism. PureOS Is A Privacy Respecting Linux OS Requiring No Intrusive End User Agreement To Use A Purism Smartphone, Tablet PC, Server, Mini-PC, or Laptop PC Manufactured By Purism. Purism Puts You In Control Of Your Privacy And Security Instead Of Giving Control Over To Google, Apple, Microsoft, Or Any Other Tech Giant Who Employs Predatory Surveillance Business Practices. PureOS Provides True Convergence Turning Your Purism Smartphone Into A Powerful Quad 4 PC Equal To Your DeskTop PC. Learn More At: https://lnkd.in/gaNiiT5d

To my fellow Apple users, just a heads-up: Ensure your devices are up-to-date with the latest software – especially if you're on auto-updates, double-check that you're cruising on version 17.1.2. Also, give a nod to those less frequently used devices; a quick check wouldn't hurt.

What the history of OpenBoot, Phrack, Mudge & Solaris, can teach us about the wisdom (or not) of Apple’s building their iPhone security debugging-backdoor-NSA-hack thing https://lnkd.in/ec-k9rHc

The Librem 11 Tablet PC Features Security, Privacy, and No Surveillance or Data Mining from Big Tech the Way Computing Should Be! At Purism, we believe 100% that your personal and business information is yours to keep and should not be exploited for profits at the expense of your security or privacy. The Librem 11 Tablet PC is supported by PureOS, a non-Android OS, that supports D-Apps (decentralized apps) and social media platforms that are intentionally designed for security and privacy. Tablet PCs supported by the Android OS, Apple iOS, or Microsoft Windows support intrusive apps and social media platforms that in turn are supported by a targeted advertising business model rooted in Surveillance Capitalism posing numerous security and privacy threats to the product owner. Google, Apple, and Microsoft view their paying customers and/or their OS end users as products to be exploited for profits, at Purism we view our OS end users as paying customers and not products to be monetized or exploited for profits by way of intrusive apps or social media platforms. If you or your business values security and privacy, then the Librem 11 tablet PC is for you, plus our other privacy respecting smartphones, PCs, and servers all supported by PureOS. Watch this video to learn more about the Librem 11 tablet PC. https://lnkd.in/gUANCbbA

Recently, a group of researchers have announced a new side channel attack that exploits a weakness in A- and M- series CPUs running Apple iOS, iPadOS, and macOS. This Spectre-style speculative execution attack called "iLeakage" can extract sensitive information from the Safari Web browser and all third-party web browsers that use the Safari Webkit engine. To quote the researchers in the article, "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution," (The Hacker News, 2023) Apple was notified of this exploit in September of last year, however, any devices released from 2020 that utilize A- and M-series CPUs and ARM processors are vulnerable to this exploit. For more information and video demos of the iLeakage exploit, read the article below: #cybersecurity #informationsecurity #exploitation #ios