This vulnerability may lead to microarchitectural website fingerprinting attacks, the researchers say. A website fingerprinting attack allows an eavesdropper to determine the target’s web activity by leveraging features from the target’s packet sequence, and it effectively bypasses most privacy-protecting technologies such as VPNs, proxies, or even Tor.
Notably, the new form of the attack demonstrated by researchers from universities in the United States, Australia, and Israel is effective because it relies only on CSS and HTML, and it is the first side-channel attack shown to work on Apple’s M1 chips.
MacDailyNews Take: According to the report, the researchers notified all of the impacted chip vendors. Apple responded stating that the public disclosure of the findings does not raise any concerns. The researchers wrote:
“We hypothesize that the M1 architecture makes use of less advanced cache heuristics, and that, as a result, the simplistic memory sweeps our attack performs are more capable of flushing the entire cache on these devices than they are on the Intel architecture. Cache attacks cannot be prevented by reduced timer resolution, by the abolition of timers, threads, or arrays, or even by completely disabling scripting support. This implies that any secret-bearing process which shares cache resources with a browser connecting to untrusted websites is potentially at risk of exposure.”