Apple M-Series Chips Are the Subject of New SLAP & FLOP Flaws That Expose Them to Speculative Execution Attacks

Two new side-channel attacks targeting Apple silicon have been demonstrated by a team of security researchers from the Georgia Institute of Technology and Ruhr University Bochum, which could be used to extract sensitive information from web browsers like Safari and Google Chrome.

The attacks are named "Data Speculation Attacks via Load Address Prediction on Apple Silicon" (SLAP) and "Breaking the Apple M3 CPU via False Load Output Predictions" (FLOP). Apple was notified of the problems in May and September 2024, respectively.

The vulnerabilities, like the earlier disclosed Spectre attack, build on speculative execution, arising when speculation "backfires" and leaves traces of mispredictions in the CPU's microarchitectural state and the memory.

Speculative execution refers to a performance optimization technique used in modern processors to predict the control flow the CPU should follow and execute instructions along the predicted branch in advance.

If the prediction turns out to be wrong, the transient instructions' results are discarded and any changes to the state made in response to the prediction are rolled back.

These attacks exploit the fact that speculative execution leaves traces: they make the CPU perform a series of transient instructions whose results can be inferred through a side-channel, even after the CPU rolls back all the changes made to the architectural state as a result of the misprediction.

"In SLAP and FLOP, we demonstrate that recent Apple CPUs go beyond this by predicting the control flow the CPU should take as well as the data flow the CPU should operate on if data are not readily available from the memory subsystem," the researchers said.

"Contrary to Spectre, mispredictions in data flow do not directly result in the CPU speculatively executing the wrong instructions. Instead, they cause the CPU to execute arbitrary instructions on the incorrect data. However, we show this can be combined with indirection techniques to execute wrong instructions."

SLAP affects M2, A15, and newer chips, and targets the Load Address Predictor (LAP) that Apple chips use to guess, based on previous memory access patterns, the next memory address the CPU will retrieve data from.

However, if the LAP predicts a wrong memory address, it may result in arbitrary computations on out-of-bounds data being executed speculatively, leading to an attack scenario in which an adversary can recover email content from a logged-in user and browsing patterns from the Safari browser.

FLOP, on the other hand, affects the M3, M4, and A17 chips, and targets a new feature called the Load Value Predictor (LVP), which is intended to improve performance on data dependencies by "guessing the data value that the memory subsystem will return on the next access by the CPU core."

According to the researchers, FLOP causes "critical checks in program logic for memory safety to be bypassed, opening attack surfaces for leaking secrets stored in memory," adding that it could be used to build various arbitrary memory read primitives, including recovering location history, calendar events, and credit card information.
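A fleet administrator's first question is which machines fall into the affected sets the article lists (SLAP: M2, A15 and newer; FLOP: M3, M4 and A17). The following POSIX shell script is an added example, not code from the article or from the researchers: it classifies a CPU brand string against those lists, and on macOS reads the string from `sysctl -n machdep.cpu.brand_string`. The `classify_apple_chip` function name is an assumption, and "none listed" means only that a chip is absent from the article's lists, not that it is unaffected.

```shell
#!/bin/sh
# Added example (not from the article): classify an Apple silicon brand string
# against the affected-chip lists stated above.
#   SLAP -> M2 and newer, A15 and newer
#   FLOP -> M3, M4, A17
# Prints "SLAP", "FLOP", "SLAP FLOP", "none listed" or "unrecognised".
# Exit status: 0 = in at least one list, 1 = in neither, 2 = string not parsed.

classify_apple_chip() {
    brand="$1"
    # Pull out the family letter (M for Mac, A for iPhone/iPad) and the
    # generation number, e.g. "Apple M3 Pro" -> "M 3". A leading space is
    # prepended so a bare "M3" still matches the whitespace-anchored pattern.
    parsed=$(printf ' %s\n' "$brand" |
        sed -n 's/.*[[:space:]]\([MA]\)\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$parsed" ]; then
        echo "unrecognised"
        return 2
    fi
    family=${parsed%% *}
    gen=${parsed#* }
    affected=""

    # SLAP (Load Address Predictor): M2 and newer, A15 and newer.
    if { [ "$family" = M ] && [ "$gen" -ge 2 ]; } ||
       { [ "$family" = A ] && [ "$gen" -ge 15 ]; }; then
        affected="SLAP"
    fi

    # FLOP (Load Value Predictor): only M3, M4 and A17 are named in the article.
    if { [ "$family" = M ] && [ "$gen" -ge 3 ] && [ "$gen" -le 4 ]; } ||
       { [ "$family" = A ] && [ "$gen" -eq 17 ]; }; then
        affected="${affected:+$affected }FLOP"
    fi

    if [ -z "$affected" ]; then
        echo "none listed"
        return 1
    fi
    echo "$affected"
    return 0
}

# On macOS, classify the running machine; elsewhere the function is only defined.
if [ "$(uname -s)" = "Darwin" ]; then
    brand=$(sysctl -n machdep.cpu.brand_string 2>/dev/null || echo "")
    printf '%s: %s\n' "$brand" "$(classify_apple_chip "$brand")"
fi
```

Run it on each Mac in an inventory (for example via an MDM script payload) and collect the printed line; the exit status makes it easy to feed into a compliance check. The generation-number comparison deliberately treats M5 or A18 as SLAP-affected, because the article says "M2, A15, and newer", while FLOP is matched only against the three chips explicitly named.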

The disclosure comes nearly two months after Korea University researchers detailed SysBumps, which they described as the first kernel address space layout randomization (KASLR) break attack on macOS for Apple silicon.

"By using Spectre-type gadgets in system calls, an unprivileged attacker can cause translations of the attacker's chosen kernel addresses, causing the TLB to change according to the validity of the address," Hyerean Jang, Taehun Kim, and Youngjoo Shin said. This enables the creation of an attack primitive without compromising kernel isolation.

Separately, new academic research has also uncovered an approach to "combine multiple side-channels to overcome limitations when attacking the kernel," finding that address space tagging, "the very same feature that makes mitigation of side-channels efficient, opens up a new attack surface."

This includes a practical attack called TagBleed, which abuses tagged translation lookaside buffers (TLBs), exploiting residual translation information to break KASLR even with the most advanced mitigations "on contemporary architectures."

When combined with a secondary side-channel attack that uses the kernel to leak additional information about its address space, VUSec researcher Jakob Koschel said, "This leakage is sufficient to fully derandomize KASLR."
