iLeakage is a transient execution side-channel attack that targets the Safari web browser on Apple devices. It demonstrates that the Spectre attack, which has been the subject of mitigation efforts for nearly six years, is still exploitable. An attacker can induce Safari to render a webpage and then recover sensitive information from it using speculative execution, including passwords and personal information.

The attack works on devices running macOS and iOS with Apple’s A-series or M-series CPUs. It does not work on browsers such as Chrome, Firefox, and Edge on macOS, but it is applicable to nearly every browser app on iOS. The attack is difficult to orchestrate and requires advanced knowledge of browser-based side-channel attacks. It is unlikely to be detected but may leave traces in the browser’s cache.

Apple has implemented a mitigation for iLeakage in Safari, but it is not enabled by default and is marked as unstable. Steps are available to enable the mitigation on Mac devices.

The research behind iLeakage received support from various organizations, and the views expressed are those of the authors.
https://ileakage.com/