New Research Unveils Vulnerabilities in Apple Silicon Chips

In this video, Hering Tang, a Ph.D. student at the University of Korea, presents an innovative research project on microarchitectural vulnerabilities and system security, with a particular focus on Apple Silicon. Apple Silicon is an ARM-based system chip designed by Apple, which has recently replaced x86 processors in their products. This transition raises crucial questions about the security of this new architecture and the behavior of vulnerabilities in this environment. The research project focuses on a new attack technique that exploits speculative execution and security mechanisms such as ASLR (Address Space Layout Randomization) on Apple Silicon processors. This technique, named "C-Bombs," is the first to successfully bypass ASLR on Apple Silicon chips. It combines speculative execution within system calls with a technique based on the TLB (Translation Lookaside Buffer). To understand this attack, it is essential to grasp a few key concepts. Microarchitectural attacks exploit the internal workings of the CPU to infer internal states or behaviors, thereby extracting sensitive information. Spectre and Meltdown are well-known examples of such attacks. These attacks target specific processor components such as caches, the TLB, branch predictions, and execution units. By closely observing these components, attackers can bypass traditional security boundaries between user applications and the operating system. ASLR is a widely used security technique that makes it more difficult to predict the exact location of critical data structures or code in memory. To bypass ASLR, attackers must first determine the exact location of the kernel. The TLB plays a crucial role in this attack. It is a type of cache that helps the system manage address translations more efficiently. When a virtual address is translated into a physical address, the TLB stores this translation for future use, thereby speeding up memory access. The C-Bombs technique uses the TLB to determine whether a kernel address is valid or not. By accessing a target address, if the address is valid, the translation is stored in the TLB, allowing faster access on future accesses. Conversely, if the address is invalid, the translation is not stored, making access slower. By measuring these differences in access times, attackers can determine the validity of kernel addresses. However, modern operating systems use a technique called KPTI (Kernel Page Table Isolation) to separate kernel and user page tables, preventing address translations for the kernel space in user mode. To bypass this protection, researchers discovered a Spectre gadget in Apple Silicon that allows bypassing the input validation process using speculative execution. This enables access to kernel addresses and leaves traces in the TLB. To verify if a kernel address is loaded in the TLB, researchers use a technique called Prime+Probe. This technique involves filling the TLB with specific addresses and then checking if these addresses are still present after accessing the target address. By measuring access times, they can determine if the target address has been loaded into the TLB. The researchers also discovered specific details about the implementation of ASLR in macOS, allowing them to create an oracle capable of distinguishing valid kernel addresses. They tested their technique on several system calls and found that it could locate the kernel's base address with 96% accuracy in less than 3 seconds. To counter this attack, several measures can be taken. At the software level, it is possible to prevent speculative execution by using control instructions such as DSB and ISB on the ARM architecture. At the hardware level, one solution is to store invalid address translations in the TLB, eliminating differences in access times. Another approach is to separate the TLB into sections reserved solely for users and the kernel, preventing interactions between user and kernel entries. In conclusion, this research demonstrates that it is possible to compromise ASLR on Apple Silicon chips using a new approach that combines a Spectre-type vulnerability and the effects of address translation on the TLB. The researchers also discussed potential countermeasures that can be applied at different levels to mitigate this vulnerability. To learn more, watch the full video here: https://www.youtube.com/watch?v=-WO_1EKkdJk