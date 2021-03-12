



Apple recently launched its first chipset under the Apple Silicon — M1, and the company has already begun the transition from Intel-based chips to its own ARM-based processors. The user response is pretty good, but over time, we continue to hear about the problems facing new M1-powered devices.

In the latest development, security researchers have discovered the first browser-side-channel attack that does not use JavaScript, and it seems that the new Apple M1 chip may be vulnerable to the attack.

Researchers at Cornell University began with the goal of investigating the effectiveness of disabling or limiting JavaScript to mitigate attacks. During the investigation, they created a new side-channel proof of concept in CSS and HTML. This could open the door to “microarchitecture website fingerprint attacks.” It works even if the browser completely blocks script execution.

The vulnerability could allow an attacker to take advantage of the targeted packet sequencing capabilities to eavesdrop on a user’s web activity. Not only can it bypass JavaScript, it also ignores privacy technologies such as VPN and TOR.

The team has tested attacks on Intel Core, AMD Ryzen, Samsung Exynos, and Apple M1 chips, and while almost all CPU architectures are vulnerable to attacks, researchers have found that Apple M1 and Samsung Exynos chips are more susceptible to their exploitation. Claims to be vulnerable.

This is the second vulnerability that has been found to affect the Apple M1 chips that have surfaced in the last few weeks. Last month, researchers discovered a mysterious malware strain called SilverSparrow that could run natively on Mac devices with M1 chips.

