Apple recently launched its first chipset under Apple Silicon — M1 and the company have already started transitioning from the Intel-based chips to its own ARM-based processors. While the user’s response has been pretty good, we keep hearing about issues facing the new M1-powered devices as time goes by.
In the latest development, security researchers have discovered a first browser side-channel attack that is JavaScript-free and it appears that the new Apple M1 chips may be vulnerable to the attack.
Researchers at Cornell University started with the goal of exploring the effectiveness of disabling or restricting JavaScript for mitigating attacks. During the research, they created a new side-channel proof of concept in CSS and HTML which could open the door to “microarchitectural website fingerprinting attacks.” It works even if script execution is completely blocked on a browser.
The vulnerability allows attackers to eavesdrop on a user’s web activity by leveraging features in the target’s packet sequence. Not only can it bypass JavaScript but it also disregards privacy technologies like VPNs or TOR.
The team tested the attack on Intel Core, AMD Ryzen, Samsung Exynos, and Apple M1 chips and while almost all CPU architectures are susceptible to the attack, the researchers claim that Apple M1 and Samsung Exynos chips are more vulnerable to their exploits.
This is the second vulnerability found to affect Apple M1 chip that has surfaced in recent weeks. Last month, researchers discovered a mysterious malware strain called Silver Sparrow that had the ability to run natively on Mac devices with M1 chips.
RELATED:
