Want more #SpeculativeExecution bugs? “You’re gonna be in a great mood all day.”

#Apple’s latest three generations of #ARM ISA chips have a pair of #Spectre-like vulnerabilities. But, unlike other #SpeculativeExecution flaws, this one seems like the real deal: It could actually be exploited to steal your private info. “Four or five seconds—it’s done!”

#Apple’s known about at least one of the bugs for TEN months. In #SBBlogwatch, we wonder why Tim’s crew did nothing about it. @TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/01/slap-flop-apple-silicon-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc $AAPL

SLAP/FLOP: Apple Silicon’s ‘Son of Spectre’ Critical Flaws

Watch this: Want more “speculative execution” bugs? You’re gonna be in a great mood all day.

Security Boulevard
#Intel, #AMD #CPU on #Linux impacted by newly disclosed #Spectre bypass
The #vulnerabilities impact Intel's 12th, 13th, and 14th chip generations for consumers and the 5th and 6th generation of #Xeon processors for servers, along with AMD's older Zen 1, Zen 1+, and Zen 2 processors. The attacks undermine the Indirect Branch Predictor Barrier (#IBPB) on #x86 processors, a core defense mechanism against #speculativeexecution attacks.
https://www.bleepingcomputer.com/news/security/intel-amd-cpus-on-linux-impacted-by-newly-disclosed-spectre-bypass/
Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass

The latest generations of Intel processors, including Xeon chips, and AMD's older Zen 1, Zen 1+, and Zen 2 microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations.

BleepingComputer

Speculative execution and other microarchitectural attacks never went away, and the research just keeps getting smarter.

Pathfinder introduces new tools and two new types of speculative execution, affecting Intel and AMD CPUs.

#Spectre #SpeculativeExecution #CyberSec #AppSec #VU157097

https://pathfinder.cpusec.org/

Pathfinder

New #SpectreV2 attack impacts #Linux systems on #Intel #CPU
Researchers have demonstrated the "first native #Spectre v2 #exploit" for a new #speculativeexecution side-channel flaw that impacts Linux systems running on many modern Intel processors.
Current mitigations are designed around isolating exploitable gadgets to remove the attack surface. Researchers, using their custom 'InSpectre Gadget' analysis tool, demonstrated that exploitable gadgets in the Linux kernel remain.
https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/
New Spectre v2 attack impacts Linux systems on Intel CPUs

BleepingComputer
#iLeakage Attack: Theft of Sensitive Data from #Apple’s #Safari #Browser
What happens in iLeakage attacks is that the #CPU is tricked into #speculativeexecution of code that reads sensitive data from memory. https://www.hackread.com/ileakage-attack-sensitive-data-theft-apple-safari-browser/ #sidechannel attack
iLeakage Attack: Theft of Sensitive Data from Apple's Safari Browser

Hackread - Latest Cybersecurity News, Press Releases & Technology Today

"🚨 iLeakage: Safari's Side Channel Vulnerability Exposed! 🍎🔓"

Researchers have unveiled a new attack, dubbed "iLeakage", that exploits a side channel vulnerability in Apple's A- and M-series CPUs. This attack forces Apple’s Safari browser on iOS and macOS devices to reveal passwords, Gmail content, and more. The exploit is practical and doesn't require vast resources but demands in-depth reverse-engineering of Apple hardware. The side channel exploited is speculative execution, a feature in modern CPUs that has been the foundation for numerous attacks recently. The iLeakage attack, when executed, can recover YouTube viewing history, Gmail inbox content, and even passwords autofilled by credential managers. Apple is aware and plans to address this in an upcoming software release. 🚀🔍

Source: Ars Technica

Author: Dan Goodin - Senior Security Editor at Ars Technica.

Tags: #iLeakage #Apple #Safari #SideChannel #Vulnerability #CyberSecurity #iOS #macOS #SpeculativeExecution 🌐🔐🍏

Hackers can force iOS and macOS browsers to divulge passwords and much more – Ars Technica

Hackers can force #iOS and #macOS browsers to divulge passwords and much more
Researchers devised an attack that forces #Apple’s #Safari browser to divulge #passwords, Gmail message content, and other secrets by exploiting a side channel #vulnerability in the A- and M-series CPUs running modern iOS and macOS devices, dubbed #iLeakage. The side channel in this case is #speculativeexecution, a performance enhancement feature in modern #CPU that formed the basis of many attacks. https://arstechnica.com/security/2023/10/hackers-can-force-ios-and-macos-browsers-to-divulge-passwords-and-a-whole-lot-more/

You might by now have heard of "Downfall"¹, yet another speculative execution attack on Intel processors.

The mitigations are going to cost another 50% performance on "selected workloads" which, by Murphy's, will inevitably be yours.

I quote something I find really rather irritating:

"
[Q] Can I disable the mitigation if my workload does not use Gather?

[A] This is a bad idea. Even if your workload does not use vector instructions, modern CPUs rely on vector registers to optimize common operations, such as copying memory and switching register content, which leaks data to untrusted code exploiting Gather.
"

No, you can freely decide to ignore microcode mitigations if you know what you are doing. There are thousands of reasons why you should not continue piling up Intel's microcode fixes on your machines and performance is indeed one of them.

This attack is based on the "gather" part of the "scatter-gather" SIMD algorithms; these are pretty ubiquitous if you have ever done HPC and, well, if your HPC machine is one telnet away from the Internet then you have a bigger problem than microcode².

Now, please understand, perhaps "for once and for all", that these attacks have a very simple "root cause": in the 1990s pretty much every processor manufacturer on the planet decided that performance trumped everything else and, therefore, went down (unprotected) speculative execution³.

This means that it cannot be fixed within current architectures.

#SpeculativeExecution #NamedVulnerabilities #Downfall #Hype #MitigationsDoneWrong

__
¹ https://downfall.page
² I used to manage an HPC network in the 1990s, I was hacked by, of all places, Intel in Israel (Haifa), no I cannot discuss this further, yes, I detected them.
³ If you read the literature you will discover that even IBM mainframe processors went down that route (hint, hint).

During this year's #BlackHat conference, security researcher Daniel Moghimi is set to present "Downfall", a new speculative execution vulnerability found in Intel processors from 2014-2023.

This new speculative execution vulnerability, if exploited, could allow attackers to steal encryption keys & passwords.

Intel noted that they haven't seen this vulnerability being exploited in the wild and that detection is difficult.

Moghimi stated that exploiting it was relatively easy; he goes on to say:

"When I discovered this vulnerability, it took me maybe a couple of weeks to come up with attacks that work. I was just a one-person researcher without any resources, you can imagine if you have a team of black hat hackers, you can probably do a lot more with it."

While the flaw exists in hardware, Intel has provided microcode updates & the #Linux kernel maintainers have published mitigations for this flaw in today's kernel release.

#infosec #cybersecurity #DOWNFALL #speculativeexecution #Intel #CPUBug

-
https://cyberscoop.com/downfall-intel-cpu-vulnerability/
-
https://www.bleepingcomputer.com/news/security/new-downfall-attacks-on-intel-cpus-steal-encryption-keys-data/

‘Downfall’ vulnerability leaves billions of Intel CPUs at risk

A vulnerability in Intel’s x86 chips raises major questions about the assumptions underlying computer security models.

CyberScoop
Zenbleed: How the quest for CPU performance could put your passwords at risk - Parse this! "You need to turn on a special setting to stop the code you wrote to stop the... https://nakedsecurity.sophos.com/2023/07/26/zenbleed-how-the-quest-for-cpu-performance-could-put-your-passwords-at-risk/ #speculativeexecution #cve-2023-20593 #vulnerability #dataloss #zenbleed #ormandy #amd
Zenbleed: How the quest for CPU performance could put your passwords at risk

“You need to turn on a special setting to stop the code you wrote to stop the code you wrote to improve performance from reducing performance from reducing security.”

Naked Security