All this is under very specific lab conditions
...how big a threat is it in the real world though?
That bit rate is very low, and the accuracy... how much other shit was running at the same time?
Many recent Apple laptops, desktops, tablets, and phones powered by Cupertino's homegrown Silicon processors can be exploited to reveal email content, browsing behavior, and other sensitive data through two newly identified side-channel attacks on Chrome and Safari. On Tuesday, security researchers Jason Kim, Jalen Chuang, and …
As I remember, there was quite a lot of fuss around various speculative execution-related vulnerabilities, with numerous mitigations, each usually contributing some performance detriment. There seems less concern here.
The reason for the difference in response is unclear to me. Are the vulnerabilities discussed in the article quantitatively less severe? Good PR effort from Apple? Something else, or a combination of factors?
This one is significantly more exploitable than Spectre.
The difference is really that Apple don't make servers. At all.
So while the attack is much easier to carry out, the payload is just Apple users' data.
Oh, hang on, who uses iPhones and what for?
Apple are clearly terrified because they spoke to El Reg
Guess I'll just keep using this ol' iPhone 8 Plus as long as I possibly can! Already on its second battery; maybe I can make it last until Apple finds a way to patch this.
(I don't like the idea of losing TouchID anyway, even though the newer shiny has brighter screens and supposedly longer-life batteries, plus Wi-Fi improvements.)
A web browser is enough. Just a web browser, an ordinary user process, which shouldn't be able to do anything remarkable, is enough to trigger.
We had similar bugs on x86 and others, across multiple OS-es.
Not some crafty assembler, adjusted for timing and unique behaviour of the CPU, no - just. a. web. browser.
We are sooooooo frigged. And I am not even using any Apple product at home, but I know: Tomorrow it could hit me. No matter which OS, no matter which architecture. (I have to add to the latter: Architecture fast enough for today's needs, not last millennium's.)