Georgia Tech researcher Jason Kim has identified a security vulnerability in Apple's latest MacBook Pro featuring the M3 processor chip. This revelation comes weeks after the product's release, raising questions about the robustness of Apple's devices.
Kim's demonstration showcased the exploitation of the recently identified iLeakage side-channel exploit, highlighting its potential threat to Apple devices irrespective of the latest software updates.
A new 13" MacBook Pro is on display inside the Steve Jobs Theater during the Apple Worldwide Developers Conference (WWDC) at the Apple Park campus in Cupertino, California on June 6, 2022
iLeakage Exploit Could Affect Apple's New MacBook Pro, Other Devices
Initially discovered by Jason Kim and Daniel Genkin, an associate professor in the School of Cybersecurity and Privacy, the vulnerability extends its reach to impact all Apple devices, including iPhones, iPads, laptops, and desktops manufactured since 2020.
The iLeakage exploit operates by providing attackers visibility into their target's Safari browser activities. This vulnerability opens the door to unauthorized access to critical information such as Facebook and Instagram login credentials, Gmail inboxes, and YouTube watch histories.
Kim's previous demonstration, conducted on a slightly older MacBook Pro, revealed the far-reaching implications of iLeakage, underlining its potency.
"A remote attacker can deploy iLeakage by hosting a malicious webpage they control, and a target just needs to visit that webpage," Kim explained.
"Because Safari does not properly isolate webpages from different origins, the attacker's webpage is able to coerce Safari to put the target webpage in the same address space. The attacker can use speculative execution to subsequently read arbitrary secrets from the target page," he added.
Root Cause
The root cause of such vulnerability lies in the design of modern CPUs, specifically their susceptibility to speculative execution attacks, according to the researchers.
These vulnerabilities became more pronounced as CPUs evolved for enhanced speed and efficiency. Speculative execution attacks, exemplified by the Spectre attack reported in 2018, have presented persistent challenges, leading to ongoing efforts to address these issues.
"iLeakage shows these attacks are still relevant and exploitable, even after nearly six years of Spectre mitigation efforts following its discovery," said Genkin.
"Spectre attacks coerce CPUs into speculatively executing the wrong flow of instructions. We have found that this can be used in several different environments, including Google Chrome and Safari," he added.
However, the research team lacks evidence indicating the utilization of iLeakage by real-world cyber attackers. Their assessment underscores that orchestrating iLeakage is a highly intricate endeavor, entailing advanced expertise in browser-based side-channel attacks and a comprehensive understanding of Safari's implementation.
The vulnerability introduced by iLeakage is limited to the Safari web browser on macOS, exploiting peculiarities specific to Safari's JavaScript engine. In contrast, according to the team, iOS users encounter a distinct scenario governed by the sandboxing policies enforced by Apple's App Store.
These policies mandate that other browser apps utilizing iOS must employ Safari's JavaScript engine, rendering nearly every browser application featured on the App Store susceptible to iLeakage.
Related Article: iPhone's Digital Car Keys See Consortiums Teaming Up to Expand UWB Connectivity, Car Starting Feats
