BOCHUM, Germany — Recent findings have exposed a lingering threat in our digital devices, directly linked to a security flaw first discovered in 2018 known as the Spectre attack. In a startling revelation, cybersecurity experts have identified a persisting vulnerability in Apple devices that could allow hackers to access sensitive information via Safari. This issue isn’t just a software bug that can be easily patched; it’s a flaw within the very architecture of modern processors that power our devices.
The 2018 Spectre attack rocked the tech world, exposing critical security flaws inherent in the hardware of modern processors used across countless devices and operating systems. These vulnerabilities could let attackers “eavesdrop” on confidential information stored in the memory of other running programs. The industry’s response was swift, with manufacturers, including Apple, rolling out supposed safeguards to protect user data.
However, this new study shows that these safety measures are insufficient. Researchers from Ruhr University Bochum, Georgia Tech, and the University of Michigan discovered that Mac and iOS systems are still prone to these security breaches. The team successfully demonstrated a way to exploit these vulnerabilities using the Safari browser, allowing them to access passwords, emails, and even location data.
The findings highlight the persistence of a security gap known in tech circles as a “side-channel attack.” Modern processors, or CPUs, are designed to perform multiple tasks simultaneously to optimize speed. They often try to predict the next action and execute instructions accordingly, a process known as ‘speculative execution.’ However, even uncompleted or discarded tasks by the CPU can leave traces, creating a backdoor for attackers to access data that is normally secure.
Apple’s strategy against such attacks involved isolating each web page in its Safari browser, running them as separate processes to prevent cross-access.
“Users can’t tell that they’ve landed on such a page,” says study co-author Yuval Yarom, from the Faculty of Computer Science at Ruhr University Bochum, in a statement. This indicates the stealthy nature of these attacks.
The research demonstrates that this defense could be bypassed, enabling hackers to read the contents of the inbox or access login data from password managers like LastPass, challenging the effectiveness of current security measures. This method, dubbed “iLeakage,” involves tricking users into visiting a malicious website that then allows the attacker to access private data like passwords and emails.
Responding to these findings, Apple has initiated software updates aimed at addressing these vulnerabilities and affirms its commitment to enhancing user security. The researchers have consolidated their findings and recommendations for users, including available updates on the website ileakage.com, emphasizing the importance of vigilance about the sites one visits online.
This situation serves as a reminder for the public to be cautious: clicking on unknown or untrustworthy links can lead to unseen cyber-attacks. Prof. Yarom emphasizes the importance of this simple rule, as staying informed and cautious online is crucial for maintaining personal data security amidst these ongoing cyber threats.
“As always, the rule is that you should only click on trustworthy sites,” Yarom explains.
- Adenman and Karlston
- 2
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.