A group of security researchers appear to have discovered a security threat that could potentially affect M1 based Macs. According to AppleInsider, the threat is the first browser based side-channel attack which happens to be JavaScript free. It has also been noted that the M1 Macs may be more vulnerable to these attacks.
“Ironically, we show that our attacks are sometimes more effective on these novel CPUs by Apple and Samsung compared to their well-explored Intel counterparts, presumably due to their simpler cache replacement policies,” the researchers have written.
The new attack while being simple appears to be sophisticated. It is written entirely in HTML and CSS – being described as “architecturally agnostic”. It has been reported that the security threat is able to exploit chips made by Intel, AMD, Samsung, and Apple Silicon (M1).
The research paper on the new security threats affecting M1 Macs has been published by the famed Cornell University. The group was reportedly testing the effectiveness of disabling JavaScript to reduce the risk of cyber attack.
The team of researchers were reportedly able to create a proof of concept for the side-channel. It was reportedly built entirely using HTML and CSS – something that could open the world of the internet to “microarchitectural website fingerprinting attacks.” The cyber attack will reportedly work even when the script execution feature is disabled on browsers.
The security attack being researched upon can reportedly track affected users’ complete web activity. It reportedly uses the feature of target packet sequence to track users activity on the internet. It does not matter to the attack if JavaScript is enabled or not – it will continue to work. Also, it is successfully able to work even when a VPN or TOR is being used.
The research team studying the new side-channel attack includes researchers from the University of Michigan, the University of Adelaide, and the University of the Negev.
