What information should be added to the site regarding iLeakage? It’s avoidable on MacOS by not using Safari. However, it affects all browsers in iOS. They say Lockdown mode hinders the attack by disabling JIT but it’s unclear whether it would be a sufficient mitigation.
The vulnerability is documented at ileakage.com
iLeakage is a practical attack that requires only minimal physical resources to carry out. The biggest challenge—and it’s considerable—is the high caliber of technical expertise required. An attacker needs to not only have years of experience exploiting speculative execution vulnerabilities in general but also have fully reverse-engineered A- and M-series chips to gain insights into the side channel they contain. There’s no indication that this vulnerability has ever been discovered before, let alone actively exploited in the wild.
That means the chances of this vulnerability being used in real-world attacks anytime soon are slim, if not next to zero. It’s likely that Apple’s scheduled fix will be in place long before an iLeakage-style attack site does become viable.
TL;DR: You probably do not have to worry about it (yet).
Wouldn’t the cache topology be the same across devices for any device model? For example, if an attacker could succeed exploiting their own MacBook’s M1, why wouldn’t it work on other laptops of the same model with an M1?
This attack is happening on the researcher’s devices where they have full control over everything. It’s pretty much just a proof-of-concept.
It’s a very long way from there to “just put this script on any website and pwn everyone with an Apple Silicon M-Chip”.
True, but it may only require a handful of technically skilled individuals to implement a method of exploiting many devices simultaneously. We will have to wait and see if any such attempts come into fruition in coming months.
No, they say that Lockdown Mode mitigates this attack, it’s pretty definitive.
True, but most people don’t want to face Lockdown mode’s limitations. The most problematic one for most would be having FaceTime calls auto-denied from people you haven’t called before. With this, you’d need to disable Lockdown mode, call the person a first time, and then re-enable it. You’d need to do this for every single person you meet and want to FaceTime with.
You just call them once, you don’t have to disable Lockdown Mode to make an outgoing call.
That’s fair enough though, I understand why some people wouldn’t want to enable Lockdown Mode. I’m just saying that it does mitigate this attack, because your OP implied it merely might protect against it.
Right, I was misreading when they mentioned nuances regarding Lockdown mode. What happens if both you and the other person have Lockdown mode enabled?
If you both have Lockdown Mode enabled:
- You call them, their phone auto-declines the call
- They call you back manually, your phone will ring because you’ve just tried calling them (even though they declined)
Then from that point you’ve both called each other so it should work normally.