New Macs with an Apple processor can be hacked just by visiting a website. Researchers have developed a more effective type of attack on Apple processor-based Macs, which does not require the installation of additional software.
It has been almost five months since the arrival of the first Mac with Apple’s processor, the M1, which may represent a revolution in personal computers; By relying on ARM architecture, it allows for greater energy efficiency, which translates into lower consumption.
What is striking about the M1 is that, despite using less energy, its performance is on a par with what Intel and AMD already offer in the notebook sector. Moreover, with a different architecture and its design, the hope was that it would be less vulnerable.
However, in that respect, we can’t say that the M1 has lasted long without being hacked. In February the first hackers were already creating malware for Apple’s M1 chip, and now it has been demonstrated how it is possible to exploit one of its vulnerabilities.
New Macs with Apple processor can be hacked
The good news is that the demonstration comes from a team of researchers at Cornell University, who has published a study in which they attempted to attack different computers, each with a different type of processor. Systems with Intel Core, AMD Ryzen, Samsung Exynos, and Apple M1 processors were tested.
The shocking conclusion is that all systems tested were susceptible to suffer in these attacks, including those based on Samsung and Apple ARM processors and of course, Intel and AMD x86 processors. It was also effective on all types of web browsers, including the most secure ones such as Tor Browser.
The attack is especially striking because it does not require any type of program to be installed on the victim’s computer; The victim only has to visit a web page with a malicious JavaScript code to suffer an attack through the browser. But this type of attack can be avoided by disabling JavaScript in the browser, something that is done by the most security-conscious users but is not so common among the average user.
To demonstrate that they could infect anyone, the researchers created a sequence of attacks, which progressively relied less and less on JavaScript, until finally, it was only necessary to use CSS (which change the style of a web page) and HTML. In other words, these are elements that all browsers have and that cannot be disabled without seriously affecting navigation.
More effective on Macs
The researchers claim that “ironically”, their attacks were more effective on Samsung and Apple processors compared to the rest, despite being newer and theoretically more secure designs.
The reason lies in their cache design, which is different from that of Intel and AMD processors; in this particular type of attack, that makes them more vulnerable. This study does not prove that these processors have inferior security, but rather that hackers will develop new types of attacks to take advantage of their features.