Since late October, when Apple released the new MacBook Pro lineup, powered by the all-new M3 chip family, tech experts and reviewers have been criticizing the new MacBook devices. We have read all types of reports on the new MacBook Pro, from the occasional teardown to the classic side-by-side old vs. new model GPU performance comparison tests. There have also been M3 chip debates and even complaints about ports left out or design tweaks. But one recent study stood out from the crowd.
On November 17, Georgia Tech reported that one of its PhD students, Jason Kim, proved that despite all the claimed chip updates, the M3 is vulnerable to a type of attack that has been known for years and was recently shown to be capable of breaching Apple devices.
Furthermore, the iLeakage researchers say that the problem lies in the M3 chip itself. In other words, even if an update comes out, it remains to be seen how this issue could be solved.
iLeakage can bypass the brand-new Apple M3 chips’ security
When Apple revealed the M3, M3 Pro, and M3 Max chips, the company claimed these were the “most advanced chips for a personal computer.” They were designed to power the next-generation GPU architecture and deliver significant performance improvements, along with a faster CPU and Apple Neural Engine (ANE).
But, just weeks after the new MacBook Pro and the all-new M3 chip family hit the global market, Georgia Tech student Kim revealed that the new Apple tech can be breached using the iLeakage attack that we reported on in early November.
Apple has been aware of these kinds of attacks, known as side-channel executions, for some time now. In fact, in late October, an Apple spokesperson told TechTarget that the company was aware of the iLeakage issue and gave assurances that a new software release was scheduled to fix the vulnerability.
Since the Apple source made those comments, Apple has been racing against zero-day exploits and vulnerabilities in its new OS. Apple has released seven security updates, including one for Safari, the browser this type of attack targets. Still, no iLeakage fix has been released.
The damage iLeakage can do on the new MacBook Pro
Any cybercriminal who copies the iLeakage attack will be able to breach the security of the new MacBook Pro, despite its claimed chip innovation. Attackers would gain a foothold in your Safari browser, accessing data such as the credentials for your social media channels, passwords, your email, YouTube data, and other browser data such as histories or cookies.
“As manufacturers developed faster and more efficient CPUs, their devices have become vulnerable to something called speculative execution attacks,” Georgia Tech reported. “This vulnerability is in the design of the chip itself. It has led to major software issues since the Spectre attack was reported in 2018.”
iLeakage is a type of side-channel speculative attack, a technique that has been around for years. Using these techniques, hackers can trick the hardware and software of a computer into executing malicious code. In this case, a malicious website and its code will break the isolation that exists between different tabs in your Safari browser, stealing your browser information in a heartbeat.
“A remote attacker can deploy iLeakage by hosting a malicious web page they control, and a target just needs to visit that webpage,” said Kim. “Because Safari does not properly isolate web pages from different origins, the attacker’s webpage is able to coerce Safari to put the target webpage in the same address space. The attacker can use speculative execution to subsequently read arbitrary secrets from the target page.”
Why didn’t Apple fix this problem before releasing the new MacBook Pro?
While we cannot answer why Apple has not yet fixed this problem, we can say that iLeakage and side-channel speculative attacks are incredibly complex to manufacture, develop, and execute. These types of attacks are not trending in the cybercriminal underworld, mainly because they involve building specialized devices or gadgets, reverse-engineering Apple technology (yes, that means building hardware), and coding sophisticated side-channel malicious code.
Other types of attacks, such as stolen credentials, ransomware, DDoS, crypto-jacking, spyware, trojans, phishing, and malware-as-a-service attacks, demand less from attackers and are mostly software or data-based attacks. These are the types of attacks that the international cybersecurity community is dealing with daily. In fact, as far as we know, there is no evidence of iLeakage attacks detected in the wild. But, then again, iLeakage researchers say that this type of attack is highly undetectable.
Final thoughts
Despite side-channel attacks being difficult to carry out, all the iLeakage research — and Apple’s promise to deliver the next generation of chips with the M3 — seems to point in one clear direction.
The M3 chip family and the new MacBook Pro should isolate Safari web browser tabs from each other, preventing side-channel attackers from stealing sensitive information from victims who simply visit a dangerous website. Web browser isolation is at the core of online security, and iLeakage proves that, using malicious JavaScript and WebAssembly, attackers can steal Mac users’ information. That includes personal information, social media data, history, passwords, or financial information such as bank credentials or credit card information.
At the time of this report, iLeakage attacks could breach all post-2020 Apple iPhones, iPads, laptops, and desktops.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. MacBook and MacBook Pro are trademarks of Apple Inc.