Apple Safari Browser Still Susceptible to Spectre Attacks Enabling Password and Email Theft

Title: Apple’s Safari Browser Remains Vulnerable to Spectre Attacks, Study Shows

Introduction:
According to a recent study conducted by researchers from Ruhr University Bochum, in collaboration with Georgia Tech and the University of Michigan, Apple’s Safari browser is still susceptible to Spectre attacks. Despite efforts to address this hardware vulnerability since its emergence in 2018, both Mac and iOS systems, particularly when utilizing Safari, continue to be at risk.

Spectre Attack and Vulnerability:
The Spectre attack exploits a fundamental feature of modern microprocessors known as speculative execution, which allows CPUs to optimize performance. However, this technique also creates a vulnerability that attackers can exploit to compromise sensitive data. Despite countermeasures implemented by manufacturers, the study suggests that these measures may not provide sufficient protection.

Project Leaders and Findings:
Led by Professor Yuval Yarom from Ruhr University Bochum’s Cluster of Excellence “Cyber Security in the Age of Large-Scale Adversaries” (CASA), along with other experts, the research team will present their findings at the upcoming Conference on Computer and Communications Security (CCS). They have identified an attack named “iLeakage” that requires users to be directed to a malicious website. Therefore, users are advised to exercise caution and only interact with trustworthy sites.

Exploiting the Vulnerability:
Once a user visits the attacker’s website, the attacker can access the user’s email app and view their inbox contents. They can also navigate to other websites, such as the login page of the user’s bank. The research team also discovered that if the auto-fill option is enabled, attackers can automatically access login data stored in the LastPass password manager, compromising supposedly secure passwords.

Root Cause of the Vulnerability:
The vulnerability in Safari stems from the operational principle of modern CPUs, which execute instructions concurrently. This speculative execution method accelerates processing, but it also starts instructions even when it is uncertain whether the conditions for their execution are met. The discarded operations leave traces that attackers can exploit to extract sensitive memory data. While protective measures have been integrated into web browsers, the researchers showed that they could bypass these defenses.

Conclusion:
The study’s findings highlight an ongoing vulnerability in Apple’s Safari browser, despite attempts to address the Spectre attack. Users are urged to remain cautious when visiting websites and ensure that any software and security measures are up to date. As technology continues to evolve, it is vital for browser developers and manufacturers to prioritize security and prevent potential exploitation by malicious actors.

© 2023 TECHTIMES.com All rights reserved. Do not reproduce without permission.
