93% of Chipset Flaws on Android Devices Persist Across Generations

1 Like

Spectre and Meltdown on x86 chips : nervously stares

1 Like

Apple hardware is much more robust to these types of threats

Any source where I can verify this claim?

Because Apple hardware seems similarly bad: Unpatchable vulnerability discovered in Apple M1, M2 and M3 chips — what you need to know | Tom's Guide

Or this spectre like attack: New iLeakage attack can steal your emails and passwords on iPhone and Mac — how to stay safe | Tom's Guide

3 Likes

Apple is just better for your privacy and security, source: Apple’s marketing says so and just trust me bro.

I say that MacOS itself is secure but hardware-wise, oo, Apple can have its oopsies. With that insecurity on M1 and stuff, might as well use Asahi Linux :joy:

[quote="Anon47486929, post:4, topic:23070"]
Or this spectre like attack: New iLeakage attack can steal your emails and passwords on iPhone and Mac — how to stay safe | Tom’s Guide
[/quote]

This utilizes just-in-time (JIT) compilation, which can be easily disabled using Lockdown Mode. In fact, Privacy Guides mentions you should turn it on, too. If you follow Privacy Guides’s best practices, you don’t need to worry about this. However, you will suffer performance loss when browsing the web.

Edit: I just found out that iLeakage has been patched, so you don’t need to turn on Lockdown Mode anymore. However, it’s still a valid tool to reduce the attack surface for anyone using Apple devices.

iLeakage is mitigated as of Safari 17.2, which ships with iOS 17.2 and macOS 14.2.

[quote="Anon47486929, post:4, topic:23070"]
Because Apple hardware seems similarly bad: Unpatchable vulnerability discovered in Apple M1, M2 and M3 chips — what you need to know | Tom’s Guide
[/quote]

Per the Asahi Linux team, GoFetch is patchable. If you use Linux on Apple Silicon, you don’t have to worry about this. From M3 onwards, Apple Silicon respects your data-independent timing choices to disable/enable the data memory-dependent prefetcher (DMP)—the thing that makes GoFetch possible.


Inadvertently, these two vulnerabilities reflect the intricate balance between security and performance. JIT and DMP are clever techniques used to boost performance on Apple Silicon and others.

JIT has been proven time and time again to be a security risk. Meanwhile, DMP is very new, but I will not be surprised if it goes down the same path as JIT. Actually, GoFetch has been recently demonstrated on Intel chips, too.

Lockdown Mode is a big blow to usability and features; you can’t even compare it to something like Vanadium, where JIT is just disabled by default and you can enable it per site with a simple toggle without having to pick between everything and a kitchen sink or nothing at all.

If you lose Linux on Apple Silicon, you lose important hardware and firmware security features.

[quote="Lukas, post:8, topic:23070"]
Lockdown Mode is a big blow to usability and features, can’t even compare it to something like Vanadium, where JIT is just disabled by default and you can enable it per site with a simple toggle without having to pick between everything and a kitchen sink or nothing at all.
[/quote]

If you’re specifically talking about JIT, you can turn on/off JIT per site and per app after turning on Lockdown Mode.

[quote="Lukas, post:8, topic:23070"]
If you lose Linux on Apple Silicon, you lose important hardware and firmware security features.
[/quote]

This is a big “what if” scenario, but whatever.

Actually, I have just looked into Apple’s documentation and found this quote:

In iOS 18.2, iPadOS 18.2, macOS 15.2, tvOS 18.2, watchOS 11.2, and visionOS 2.2 and later, two new function calls are available to control and optimize DIT (data-independent timing) for Apple devices. The functions are available on all devices regardless of whether they support DIT, but only turn on DIT on supported devices.

As a developer, you can turn off DMP for your apps, now, it seems. Of course, your app will suffer performance loss if you do this. It’s very new, so I’m not gonna voice my opinion on this.
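The mechanism the last two posts refer to (raising the AArch64 data-independent-timing flag, PSTATE.DIT, around sensitive code so that on M3-class parts the DMP stays out of the way) can be exercised directly from C. The block below is an added example written for this thread; it is not code from Apple, from the Asahi Linux team, or from the documentation quoted above. The thread does not name Apple’s two new functions, so the example uses the architectural DIT register instead and assumes the operating system preserves PSTATE.DIT across context switches (Linux does; on Apple platforms, Apple’s own API is the supported route). The `ct_memeq` comparison and the sample tag bytes are constructed for the example. On anything other than AArch64 the DIT helpers compile to no-ops, so the constant-time comparison can still be run anywhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__aarch64__) && defined(__linux__)
#include <sys/auxv.h>   /* getauxval, AT_HWCAP */
#include <asm/hwcap.h>  /* HWCAP_DIT */
#endif

/* 1 if the kernel advertises PSTATE.DIT to user space (Linux exposes this as
 * HWCAP_DIT); 0 where this build cannot tell (other OSes, non-AArch64). */
int dit_supported(void)
{
#if defined(__aarch64__) && defined(__linux__) && defined(HWCAP_DIT)
    return (getauxval(AT_HWCAP) & HWCAP_DIT) ? 1 : 0;
#else
    return 0;
#endif
}

/* Read PSTATE.DIT. The DIT special register is S3_3_C4_C2_5 and the flag
 * lives in bit 24. The numeric register name avoids requiring an assembler
 * that knows the armv8.4 "DIT" mnemonic. */
uint64_t dit_get(void)
{
#if defined(__aarch64__)
    uint64_t v;
    __asm__ volatile("mrs %0, S3_3_C4_C2_5" : "=r"(v));
    return (v >> 24) & 1u;
#else
    return 0;            /* no DIT flag on this architecture */
#endif
}

/* Write PSTATE.DIT with MSR (immediate). 0xD503415F is `msr DIT, #1` and
 * 0xD503405F is `msr DIT, #0`, emitted as raw instruction words so the file
 * assembles on older toolchains. No-op outside AArch64. Note: the bit is
 * writable on M1/M2 as well, but per the thread only M3 onwards turns the
 * DMP off in response to it. */
void dit_set(uint64_t on)
{
#if defined(__aarch64__)
    if (on)
        __asm__ volatile(".inst 0xD503415F" ::: "memory");
    else
        __asm__ volatile(".inst 0xD503405F" ::: "memory");
#else
    (void)on;
#endif
}

/* Constant-time equality over n bytes: no data-dependent branches and no
 * data-dependent addresses, so the only timing channel left is the
 * microarchitecture, which is what DIT is meant to close. 1 if equal. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    unsigned diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned)(a[i] ^ b[i]);
    return (int)(((diff - 1u) >> 8) & 1u);   /* 1 iff diff == 0 */
}

/* Run the comparison with DIT raised, then restore the caller's DIT state so
 * the rest of the program keeps its normal performance. */
int ct_memeq_dit(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint64_t prev = dit_get();
    dit_set(1);
    int eq = ct_memeq(a, b, n);
    dit_set(prev);
    return eq;
}

int main(void)
{
    /* Constructed sample inputs: an expected MAC tag and two candidates. */
    static const uint8_t expected[16] = {
        0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
        0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };
    uint8_t good[16], bad[16];
    for (size_t i = 0; i < 16; i++) {
        good[i] = expected[i];
        bad[i] = expected[i];
    }
    bad[15] ^= 0x01;   /* single-bit difference in the last byte */

    printf("DIT advertised by OS: %d, DIT currently set: %llu\n",
           dit_supported(), (unsigned long long)dit_get());
    printf("good tag matches: %d\n", ct_memeq_dit(expected, good, 16));
    printf("bad tag matches:  %d\n", ct_memeq_dit(expected, bad, 16));
    printf("DIT after the calls: %llu (restored)\n",
           (unsigned long long)dit_get());
    return 0;
}
```

Build with the usual `cc -O2 dit_example.c` (file name assumed). On a Linux AArch64 box the first line tells you whether the kernel advertises DIT at all; the comparison result is identical on every platform, which is the point of scoping the flag to the sensitive routine rather than enabling it process-wide and paying the performance cost everywhere.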

Lockdown Mode does a lot more than just disabling JIT; it makes a lot of sites unusable or very ugly. If you turn off Lockdown Mode for a site because the font-blocking functionality makes a website look ugly, you will also enable JIT, because there is zero granularity with Lockdown Mode.

Oh, you’re criticizing what you can turn on/off, not where you can turn it on/off, which is unclear in your previous comment.

You’re right. You can’t decide what you can turn on/off. I just want to add that malicious web fonts have been a favorite of one- and zero-click malware threat actors, so Apple’s decision to block them is totally understandable. Apple has never used technical jargon to advertise or had “pro” modes for its features. Heck, it doesn’t even mention “web fonts” or “JIT” on its Lockdown Mode page.

[quote]
Edit: I just found out that iLeakage has been patched, so you don’t need to turn on Lockdown Mode anymore. However, it’s still a valid tool to reduce the attack surface for anyone using Apple devices.

iLeakage is mitigated as of Safari 17.2, which ships with iOS 17.2 and macOS 14.2.
[/quote]

1 Like

This is not the question I asked. My question was:

The response would be a source for a side-by-side comparison with other hardware providers (chipsets, GPUs, etc.) that shows Apple hardware is “much more robust”.

This was clear if the article I linked was read till the end:

While Apple has yet to formally comment on these new iLeakage attacks, in an email to Tom’s Guide, an Apple spokesperson revealed the company is aware of the issue and that it will be addressed in its next scheduled software release.

Not on first party software, so it is still open.

As an FYI, Spectre can also be mitigated on x86 by disabling SMT.


All of this is not the point at all. I am sure Apple takes hardware security seriously. The original point made was that Apple hardware is much more robust; I asked for a source. Everything else is a tangent and off topic to this discussion anyway (honestly, even the Apple hardware comment was off topic, but it shouldn’t be left unchallenged because these ideas then spread).


The actual topic is still undiscussed: that Qualcomm is only patching such a low amount of vulns is kinda ridiculous. That Samsung beats them is also interesting. But alas, no takeaways from the article; it’s very low on details :frowning: So no clue what vulns they are, whether there is some way OEMs can help, etc.

3 Likes

I agree that we’re getting off track. We’re talking about hardware security, aren’t we? On that note,

is a software vulnerability.

It seems like that’s the approach that Apple will take regarding GoFetch. Responsible third-party developers can disable DMP if they wish.


Even then, it’s very hard to distinguish between iOS/macOS security and Apple Silicon security. I think the only source regarding this is from the GrapheneOS forum. In the before-first-unlock state, only Apple Silicon and Google Silicon can withstand brute-force attacks. Hey, there’s a reason why GrapheneOS is only available on Pixel devices.

Edit: It seems like HUAWEI Kirin can also withstand brute-force attacks.

It was an example of a Spectre-like attack, as I prefaced it with “spectre like attack”.

I am not sure Google Silicon is any better for hardware vulns. In fact, GOS has expressed speculative doubts about their new 10th-gen silicon supporting MTE, as well as their 8th and 9th gen. This just adds to the issues in the original article.


off topic Apple security

Would be helpful if @moderators can split the whole apple discussion to a new thread.

Graphene OS devs say MacOS and iOS security are very different. I remember something along the lines of MacOS being better for firmware updates compared to some other desktop options, but its security is still behind iOS. I will maybe link the tweet if I have time.

I don’t think it’s a monolith. Apple Silicon comes in various forms and setups. Some are more secure than others.

I’m not saying that Google Silicon is better (than what?). If anything, the source only suggests that Apple, Google, and HUAWEI take hardware security more seriously than MediaTek, Qualcomm, and Samsung. At the very least, their security modules are not compromised at the moment.

PS: I’m not up-to-date with rumors. In addition, the Pixel 10 series is far from being released, so you shouldn’t take any rumors about it too seriously.

off topic Apple security

This is a poor word choice on my part. All I want to say is, in order to stay on track, we should focus on hardware security rather than software security.

1 Like