For hackers and cybercriminals, speculative execution is a gift that keeps on giving.
In the latest development, researchers used the technique to steal passwords and other sensitive content from Apple devices via a side channel vulnerability - to target Macs, iPhones, and iPads, running A- and M-series CPUs with the latest iOS and macOS operating systems.
They named the flaw iLeakage, and what's more worrying is that it doesn’t have a CVE, or a patch, just yet, meaning iPhone and Mac users could still be at risk.
Apparently, the iLeakage site needs around five minutes to profile the target and less than a minute to extract a 512-bit secret.
“We show how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution,” the researchers said.
“In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.” Safari is used as means of attack only on Macs. For iPhone and iPad devices, any browser will do, as they’re all built on Apple’s WebKit browser engine.
Speculative execution is a feature built into most of today’s hardware, to enhance its speed. In layman’s terms, a chip will try to guess what the next operation will be and will preload it in anticipation. If it speculated correctly, it can execute the operation quickly, thus improving the device’s overall speed. This feature has also been at the center of a number of controversies, starting with two huge vulnerabilities discovered roughly five years ago - Spectre and Meltdown. Patching the flaws meant slowing the devices down.
While iLeakage sounds dangerous, Ars Technica argues that it’s highly unlikely to be exploited in the wild as it requires plenty of experience and knowledge on how to reverse-engineer A- and M-series chips to gain insights into the side channel they contain. “There’s no indication that this vulnerability has ever been discovered before, let alone actively exploited in the wild,” the publication concludes.
More from TechRadar Pro
- Update your iPhone and iPad now – Apple just fixed a big iOS and iPadOS security flaw
- Here's a list of the best firewalls today
- These are the best endpoint protection tools around
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.