VTA-004468 – Apple Vulnerability Exploitation Allows Attackers to Recover Sensitive Information from Safari
iLeakage is a transient execution side channel that targets Apple’s web browser, Safari. Even after 6 years of trying to mitigate the attack, the Spectre attack is still relevant and exploitable. With proper execution, an attacker is able to induce Safari to render an arbitrary webpage and then recover sensitive information present within it using speculative execution. Malicious websites can use this exploit to recover secrets from popular high-value targets, such as Gmail inbox content, and credentials from Safari. iLeakage does this by exploiting the idiosyncrasies in Safari’s JavaScript engine. Additionally, due to Apple’s App Store and sandboxing policies, other browsers are forced into using Safari’s JavaScript engine, which makes all other browsers listed on the App Store vulnerable to iLeakage. Once iLeakage is accessed through Safari, it requires the user to tap any point of the webpage to activate. When activated, it opens a target website such as Gmail, Instagram, etc. and renders the iLeaker page and the target webpage in the same process, which allows the attacker to recover the contents of the webpage in text form.
This exploit is present in devices running iOS or macOS with either the A-series or M-series CPUs, which are present in all recent iPhones and iPads. Additionally, laptops and desktops from Apple from 2020 onwards are also vulnerable to this exploit. What makes iLeakage a big threat is that it is highly unlikely to be detected, as the exploit does not leave a trace in the system’s log files and runs in the Safari browser. However, there may be a chance that the attacker’s webpage that is hosting iLeakage is present in the browser cache of recently visited pages. There are no traces of iLeakage being abused by malicious entities, and the attack is extremely difficult to carry out end-to-end, requiring advanced knowledge of browser-based side-channel attacks and Safari’s implementation. The group of academics who devised iLeakage has notified Apple about this particular exploit, and Apple has implemented a mitigation for it on macOS.
Severity:
High
Attack Surfaces:
Web Browser
Technical Impact Analysis:
Loss of Confidentiality
Business Impact Analysis:
Privacy Violation
References:
https://ileakage.com/
SuperPRO’s Threat Countermeasures Procedures:
1. Ensure your device OS is updated to the latest version.
2. Implement password best practices for ensuring online security and protecting sensitive information.
3. Raise awareness of safe website browsing.
4. Enable Two-Factor Authentication to add an extra layer of security.
5. Disable unnecessary JavaScript and use reputable browser extensions to control JavaScript execution.
6. Regularly back up your data to ensure that even if your system is compromised, your critical data remains safe.
Contributed by: Sherman