Safari Side-Channel Attack Enables Browser Theft

Published: 23/11/2024   Category: security




The iLeakage attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.



Researchers have developed a side-channel exploit for Apple CPUs, enabling sophisticated attackers to extract sensitive information from browsers.
Side-channel attacks are usually overlooked, often physical counterparts to traditional software hacks. Rather than an unsecured password or a vulnerability in a program, they take advantage of the extra information a computer system or hardware generates — in the form of sound, light, or electromagnetic radiation, for example, or in the time it takes to complete certain computations (a timing attack).
On Wednesday, four researchers — including two of those responsible for uncovering the Spectre processor vulnerability back in 2018 — published the details of such an attack, which they've named iLeakage, affecting all recent iPhone, iPad, and MacBook models.
The researchers informed Apple of their findings on Sept. 12, 2022, according to their website, and the company has since developed a mitigation. However, it's still considered unstable, it's not enabled on devices by default, and mitigating is only possible on Macs, not mobile devices.
In comments provided to Dark Reading on background, an Apple spokesperson wrote, "This proof of concept advances our understanding of these types of threats. We are aware of the issue and it will be addressed in our next scheduled software release."
iLeakage takes advantage of A- and M-series Apple silicon CPUs' capacity to perform speculative execution.
Speculative execution is a method by which modern CPUs predict tasks before they're even prompted, in order to speed up information processing. "This technique has been around for over 20 years, and today all modern CPUs use it — it significantly speeds up processing, even accounting for times it might get the anticipated instructions wrong," explains John Gallagher, vice president of Viakoo Labs.
The rub is that cache inside the CPU holds a lot of valuable data, including what might be staged for upcoming instructions. iLeakage uses the Apple WebKit capabilities inside a browser to use JavaScript to gain access to those contents.
Specifically, the researchers used a new speculation-based gadget to read the contents of another webpage when a victim clicked on their malicious webpage.
"Alone, WebKit would not enable the cache contents to be divulged, nor would how A-Series and M-Series perform speculative execution — it's the combination of the two together that leads to this exploit," Gallagher explains.
"This builds on a line of attacks against CPU vulnerabilities that started around 2017 with Meltdown and Spectre," Lionel Litty, chief security architect at Menlo Security, points out. "High level, you want to think about applications and processes, and trust that the operating system with help from the hardware is properly isolating these from one another, but those two exploits broke the fundamental isolation between different applications, and an application and operating system, that we tend to take for granted as users," he says.
iLeakage, then, is a spiritual successor that focuses on breaking the isolation between browser tabs.
The good news is, in their website's FAQ section, the researchers described iLeakage as a significantly difficult attack to orchestrate end-to-end, which requires advanced knowledge of browser-based side-channel attacks and Safari's implementation. They also noted that successful exploitation hasn't been demonstrated in the wild.
Were a capable enough attacker to come along and try it, however, this method is powerful enough to siphon just about any data users traffic online: logins, search histories, credit card details, what have you. In YouTube videos, the researchers demonstrated how their exploit could expose victims' Gmail inboxes, their YouTube watch histories, and their Instagram passwords, as just a few examples.
Though it takes advantage of the idiosyncrasies in Safari's JavaScript engine specifically, iLeakage affects all browsers on iOS, because Apple's policies force all iPhone browser apps to use Safari's engine.
"Chrome, Firefox and Edge on iOS are simply wrappers on top of Safari that provide auxiliary features such as synchronizing bookmarks and settings. Consequently, nearly every browser application listed on the App Store is vulnerable to iLeakage," the researchers explained.
iPhone users are doubly in trouble, because the best fix Apple has released thus far only works on MacBooks (and, for that matter, only in an unstable state). But for his part, Gallagher backs Apple's ability to design an effective remediation.
"Chip-level vulnerabilities are typically hard to patch, which is why it is not surprising that there is not a fix for this right now. It will take time, but ultimately if this becomes a real exploited vulnerability a patch will likely be available," he says.
