A recent study conducted by researchers from Ruhr University Bochum, in collaboration with Georgia Tech and the University of Michigan, has revealed that Apple's Safari browser is still susceptible to Spectre attacks.
According to TechXplore, despite efforts to address the hardware vulnerability since its emergence in 2018, the study indicates that both Mac and iOS systems, particularly when utilizing Safari, continue to be at risk.
Apple Safari Browser Still Susceptible to Spectre Attacks
The Spectre attack is a type of security vulnerability that exploits a fundamental feature of modern microprocessors (CPUs) known as speculative execution. Speculative execution is a technique used by CPUs to optimize performance.
It allows the CPU to execute instructions out of order, predicting which instructions are likely to be needed next and starting their execution before it is certain they will be used.
The Spectre attack uncovered a fundamental vulnerability in the hardware architecture of modern processors, potentially allowing attackers to compromise sensitive data. Manufacturers implemented countermeasures in response, but the study suggests these measures may not provide sufficient protection.
The project is led by Professor Yuval Yarom from Ruhr University Bochum's Cluster of Excellence "Cyber Security in the Age of Large-Scale Adversaries" (CASA), along with Jason Kim, Associate Professor Daniel Genkin from Georgia Tech, and Stephan van Schaik from the University of Michigan.
They will present their findings at the Conference on Computer and Communications Security (CCS) in Copenhagen from November 26 to 30. To execute the identified "iLeakage" attack, attackers must first direct users to a website under their control. Hence, Yarom advises users to exercise caution and only interact with trustworthy sites.
Once a user visits the attacker's website, the attacker can open the user's email app in a separate window and view the contents of their inbox. Alternatively, they can navigate to other websites, such as the login page of the user's bank.
Furthermore, the research team noted that if the auto-fill option is enabled, attackers could automatically access login data stored in the LastPass password manager, potentially compromising supposedly secure passwords.
Read Also: Apple Safari: Initial Plans of DuckDuckGo Switch, But Google Remains for Private Mode-Why?
Root Cause of Apple Safari Browser Vulnerability
The vulnerability stems from the operational principle of modern CPUs, which execute instructions concurrently rather than sequentially, according to the study. This speculative execution method accelerates processing but may initiate instructions even when conditions for their execution are uncertain.
If conditions are not met, the CPU discards the process and restarts it. However, these discarded processes leave traces, creating an exploitable vulnerability for attackers to extract sensitive memory data.
Manufacturers have integrated protective measures into web browsers to counteract this form of side-channel attack. For instance, each Safari web page accessed by the user should be run in a separate process.
However, the researchers showed they could bypass the defense, opening a second web page in the same process. According to the team, this loophole will enable attackers to intercept information that should have been unattainable.
Related Article: Safari's 20th Anniversary: Apple's 'Fastest Web Browser' Made for the Macbook Over the Years
