![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/10\/iLeakage-Attack-Spectre-speculative-execution-Apple-silicon-M-series-Macs-600x300-1.jpg\")
<\/p>\n<\/p>\n
Remember Spectre<\/a>, the speculative execution<\/a> attack? Researchers have discovered a new exploitation technique called the “iLeakage Attack” that can exploit processors’ speculative execution feature. Specifically, an attacker may be able to steal passwords and extract data from pages in the Safari browser on Apple silicon (M-series processor) Macs. Meanwhile, iPhones and iPads (with A-series processors) are also vulnerable.<\/p>\n In a paper titled “iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices” (PDF<\/a>), four university researchers describe the attack. They demonstrate how an attacker can recover passwords that were autofilled by a credential manager<\/a>, or the contents of Web pages (for example, a victim’s private Gmail messages or YouTube watch history), using their iLeakage exploit.<\/p>\n Here are the most important things to know about the iLeakage Attack.<\/p>\n In this article:<\/em><\/p>\n The researchers are unaware of any real-world attacks that may have leveraged the iLeakage exploitation methodology. But that doesn’t mean it hasn’t happened.<\/p>\n It is highly unlikely that anyone\u2014aside from a threat actor that may have used the technique\u2014would ever know that the exploit had been used. No system logs would indicate the usage of such exploits.<\/a><\/p>\n If you’re concerned about someone potentially using the iLeakage Attack against you, there are a few options for protecting your system.<\/a><\/p>\n The iLeakage homepage explains that Apple implemented a (non-default) mitigation for this exploit in macOS Ventura 13.0. This means that all later versions of macOS\u2014including macOS Sonoma 14.x\u2014have the capability to enable Apple’s mitigation method.\u00a0The caveat: Apple chose to leave the mitigation disabled by default<\/strong>, meaning that concerned users or IT administrators will have to manually enable the mitigation technique.<\/p>\n Users of macOS Sonoma can follow this process to enable the mitigation:<\/p>\n More complete steps on how to enable Full Disk Access, as well as the slightly different mitigation method for macOS Ventura, are available on the iLeakage site<\/a>.<\/a><\/p>\n An alternative way to block the iLeakage exploitation technique is to enable Lockdown Mode<\/a>. However, Lockdown Mode has other side effects that average users may find undesirable, as it’s specifically designed to reduce the device’s feature set to limit its attack surface. Apple intends for Lockdown Mode to be used by people who are highly likely to be targeted by well-funded, nation-state level threat actors.<\/a><\/p>\n Only Safari is vulnerable to the specific exploitation technique developed by the researchers. Thus, using Firefox, Chrome, or another Chromium-based browser<\/a> would be sufficient to stop the iLeakage Attack.<\/a><\/p>\n While Intel got a bad rap for the existence of these vulnerabilities, the problem wasn’t actually limited to only Intel (or even AMD) CPUs. ARM-based processors, like those in Apple’s iPhone, iPad, and iPod touch products, also required software-based mitigations. Apple released some relevant security patches for these systems, as well as for Macs, in December 2017 (before the vulnerabilities were disclosed to the public) and January 2018.<\/p>\n Later speculative execution exploits have included Foreshadow<\/a> (August 2018), SPOILER<\/a> (March 2019), ZombieLoad<\/a> (May 2019), Retbleed<\/a> (July 2022), and Downfall<\/a> (August 2023), all of which affected Intel processors. Yet another, PACMAN<\/a> (June 2022), affected Apple M1 processors specifically.<\/p>\n Apple began to migrate Macs to its own ARM-based “M-series” (M1, M2, and M3) processors, collectively dubbed “Apple silicon,” in 2020. Other than refurbished units, Apple no longer sells Intel-based Macs today. However, Apple still supports many Intel Macs; macOS Sonoma is compatible with many Intel-based Mac models released between 2017 and 2020.<\/p>\n Of course, as we have seen with PACMAN and now iLeakage, even Apple silicon Macs are not invulnerable to speculative execution attacks. It is likely that more such attack methods will be discovered in the future.<\/a><\/p>\n More details about the iLeakage Attack, including demonstration videos, are available at the researchers’ site: ileakage.com<\/a>.<\/p>\n You can also subscribe to our e-mail newsletter<\/strong><\/a> and keep an eye here on The Mac Security Blog<\/strong><\/a> for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Researchers have revealed iLeakage, a Spectre-based exploit that lets attackers steal passwords and sensitive data from the Safari browser on Macs. Here is everything you need to know to stay protected.<\/p>\n","protected":false},"author":14,"featured_media":99150,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[52,3856,4712,143],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\n\t\n\t\n\t\n\n
\n
Has iLeakage been used in real-world attacks?<\/h3>\n
Are there any mitigation techniques?<\/h3>\n
Mitigation technique 1: Enable “Swap Processes on Cross-Site Window Open”<\/strong><\/h4>\n
\n
\ndefaults write com.apple.Safari IncludeInternalDebugMenu 1<\/code><\/li>\nMitigation technique 2: Enable Lockdown Mode<\/strong><\/h4>\n
Mitigation technique 3: Use a browser other than Safari<\/strong><\/h4>\n
What’s the history of speculative execution exploits?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/Meltdown-Spectre-150x84.png\")
In January 2018, multiple groups published independently researched reports about vulnerabilities related to speculative execution<\/em>, a technology that enhances processor performance. Also revealed at that time were Meltdown and Spectre<\/a>\u2014exploits that leveraged those vulnerabilities.<\/p>\n![\"xkcd](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/xkcd-1938_meltdown_and_spectre_2x-1024x987.png\")
\nImage credit: xkcd #1938<\/a> by Randall Munroe<\/p>\nHow can I learn more?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\")
<\/a>Each week on the Intego Mac Podcast<\/strong><\/a>, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast<\/strong><\/a> to make sure you don\u2019t miss any episodes.<\/p>\n![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Twitter-logo-icon-64.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Facebook-logo-icon-64.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/YouTube-logo-icon-64.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Pinterest-logo-icon-64.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/LinkedIn-logo-icon-64.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Instagram-logo-icon-64.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png\" "\\"Follow")
<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"