Side-Channel Attacks on Apple Silicon: A Growing Concern
Introduction
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.
The Attacks
The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and TagBleed. SLAP targets the load address prediction mechanism in Apple silicon, allowing attackers to speculate on the location of sensitive data in memory. TagBleed targets the address space tagging feature in modern architectures, which is designed to make mitigation of side channels efficient.
How the Attacks Work
SLAP works by exploiting the fact that the load address predictor in Apple silicon is not perfect, which allows attackers to speculate on the location of sensitive data in memory. They do this by analyzing the predictor's behavior and identifying patterns that can be used to predict where sensitive data is located.
TagBleed works by abusing the tagged translation lookaside buffers (TLBs) in modern architectures. Tagged TLBs are designed to make separation of kernel and user address spaces efficient, but they also create a new attack surface. By exploiting them, attackers can leak residual translation information and break kernel address space layout randomization (KASLR) even in the face of state-of-the-art mitigations.
Impact
The impact of these attacks is significant: they can be used to leak sensitive information from web browsers like Safari and Google Chrome, with serious consequences including the theft of sensitive data and the compromise of user privacy.
Conclusion
The discovery of these side-channel attacks on Apple silicon highlights the growing concern over side-channel attacks in modern architectures. As the complexity of modern systems increases, so does the number of potential attack vectors. It is essential that researchers and developers take these attacks seriously and work to mitigate them.