An academic research team has developed a novel speculative side-channel attack, which they’ve named “iLeakage.” This attack highlights a security risk targeting vulnerabilities in recent Apple Inc. devices, enabling the extraction of sensitive data from Apple’s Safari web browser.
Speculative execution is a strategy contemporary processors employ to enhance performance by executing instructions even before determining whether they are genuinely needed. However, if not adequately managed, this approach can introduce security vulnerabilities.
Attackers achieved this by circumventing Apple’s implemented side-channel protections, including features like the low-resolution timer, compressed 35-bit addressing, and value poisoning, while also successfully bypassing Safari’s site isolation policy that segregates websites into distinct address spaces based on their effective top-level domain and one subdomain.
However, the researchers point out that executing this attack is challenging and demands a high level of expertise in browser-based side-channel attacks and a deep understanding of Safari’s implementation.
All versions Safari web browser
Successful exploitation of this vulnerability can leak sensitive information of safari users such as personal data, passwords, or emails.
How to use SanerNow to identify if you are affected?
Detection – Identify the vulnerable application Safari in your Infrastructure by using the Asset Exposure module of SanerNow.
Go to the Application Details section and search for “Safari”, it should list all the hosts installed with Safari.
Apple has introduced a mitigation technique and it is not enabled by default. To enable this follow these steps:
- Open Terminal and run’ defaults write com.apple.Safari IncludeInternalDebugMenu 1′ to enable Safari’s hidden debug menu.
- Open Safari and access the newly visible Debug menu.
- Within the Debug menu, select ‘WebKit Internal Features.’
- Scroll down and activate the ‘Swap Processes on Cross-Site Window Open’ option.
However, Apple has marked this mitigation as unstable. This indicates that it may not provide complete or reliable protection against the iLeakage vulnerability, and there might be ongoing work to improve its stability and effectiveness. We will wait for further updates from the vendor on the availability of Patch and keep you updated. Use SanerNow and keep your systems updated and secure.