iEnFlow: Endogenous Control-Flow Attacks via Conditional Branch Prediction on Apple Silicon

Abstract

Control-flow attacks have drawn increasing attention in microarchitectural security research because they can expose sensitive data by revealing or manipulating a program's control flow. Prior work has focused primarily on x86 architectures, with relatively few studies exploring such attacks on ARM-based Apple silicon processors. Meanwhile, existing microarchitectural side channels that leak control-flow information on Apple silicon either rely on microarchitectural components beyond the branch predictor or lack a thorough understanding of the branch predictor's design, which limits their generality and scalability. In this paper, we present iEnFlow, the first endogenous and fine-grained control-flow attacks on Apple silicon that originate directly from the branch predictor itself. We target the conditional branch predictor (CBP) and reverse-engineer its internal design, including the branch history length, the hashing function, and the predictor-table indexing scheme. Based on these reverse-engineering results, we develop primitives to read and write branch history and predictor-table entries, enabling unprivileged leakage and manipulation of the CBP on macOS. Using these primitives, we implement two attacks to demonstrate the effectiveness of iEnFlow. First, we perform a KASLR break, successfully leaking kernel addresses and bypassing the mitigations deployed on macOS. Second, we demonstrate an out-of-place Spectre-PHT attack on Apple silicon. Our results show that control-flow leakage and speculative exploitation can originate purely from the branch prediction unit itself, rather than from side effects in other microarchitectural components.
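The abstract's two ingredients for out-of-place training, a predictor-table index derived from both the branch address and the global branch history, and an attacker who can steer that history and pick an address that hashes to the victim's entry, can be illustrated with a toy model. The following is an added example and is not code from the paper; it models a generic gshare-style predictor (address bits XOR global history, two-bit counters), and its history length (8 bits), table size (1024 entries), addresses and branch-outcome patterns are all assumed or constructed for the demonstration. The real history length, hash function and indexing scheme of Apple silicon's CBP are the paper's reverse-engineering results and are not reproduced here.

```python
"""Toy gshare-style conditional branch predictor (added illustrative model,
not the reverse-engineered Apple silicon design from the paper).  It shows
how a branch the attacker controls can train the predictor-table entry a
victim branch will consult, purely through index aliasing."""

HIST_LEN = 8     # assumed global-history length in bits
PHT_BITS = 10    # assumed predictor table: 2**10 two-bit saturating counters


class GsharePredictor:
    def __init__(self, hist_len=HIST_LEN, pht_bits=PHT_BITS):
        self.hist_mask = (1 << hist_len) - 1
        self.idx_mask = (1 << pht_bits) - 1
        self.history = 0                      # global history register (GHR)
        self.pht = [1] * (1 << pht_bits)      # counters start weakly not-taken

    def index(self, pc, history=None):
        """gshare index: word-aligned low PC bits XOR the global history."""
        h = self.history if history is None else history
        return ((pc >> 2) ^ (h & self.hist_mask)) & self.idx_mask

    def predict(self, pc):
        return self.pht[self.index(pc)] >= 2

    def update(self, pc, taken):
        i = self.index(pc)
        self.pht[i] = min(3, self.pht[i] + 1) if taken else max(0, self.pht[i] - 1)
        self.history = ((self.history << 1) | int(taken)) & self.hist_mask

    def run(self, pcs, outcomes):
        for pc, taken in zip(pcs, outcomes):
            self.update(pc, taken)


def history_after(outcomes, hist_len=HIST_LEN):
    """GHR value left behind by executing `outcomes` (oldest first)."""
    h = 0
    for t in outcomes:
        h = ((h << 1) | int(t)) & ((1 << hist_len) - 1)
    return h


def aliasing_pc(pred, victim_pc, victim_hist, attacker_hist, attacker_base):
    """Choose an address inside the attacker's own code region whose table
    index, under the attacker's history, equals the victim branch's index.
    With an XOR hash the attacker can compensate for a different history
    simply by changing the low address bits."""
    target = pred.index(victim_pc, victim_hist)
    low = (target ^ (attacker_hist & pred.hist_mask)) & pred.idx_mask
    return (attacker_base & ~(pred.idx_mask << 2)) | (low << 2)


def demo(attacker_pattern=None, alias=True):
    """Return the prediction the victim branch receives after the attacker's
    training.  Patterns are HIST_LEN outcomes long so the GHR is fully
    determined by them (an assumption of this model)."""
    pred = GsharePredictor()
    victim_pc = 0xFFFFFE0001234ABC              # constructed kernel-style address
    victim_pattern = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed outcomes of the victim's preceding branches
    if attacker_pattern is None:
        attacker_pattern = victim_pattern       # attacker replays the victim's history exactly
    victim_fillers = [0xFFFFFE0000100000 + 4 * i for i in range(len(victim_pattern))]
    attacker_fillers = [0x100000000 + 4 * i for i in range(len(attacker_pattern))]
    attacker_base = 0x100004000                 # constructed user-space code address
    h_v = history_after(victim_pattern)
    h_a = history_after(attacker_pattern)
    train_pc = aliasing_pc(pred, victim_pc, h_v, h_a, attacker_base) if alias else attacker_base
    for _ in range(3):
        pred.run(attacker_fillers, attacker_pattern)   # drive the GHR to h_a
        pred.update(train_pc, True)                    # the aliasing branch is taken
    pred.run(victim_fillers, victim_pattern)            # victim arrives with GHR == h_v
    return pred.predict(victim_pc)                      # True: entry was trained out-of-place
```

`demo()` returns True whether the attacker replays the victim's exact history or, as in `demo(attacker_pattern=[0] * 8)`, a different one that it compensates for through `aliasing_pc`; `demo(alias=False)` trains a non-aliasing address and the victim's entry stays at its weakly-not-taken default. In a real CBP the hash is not a plain XOR and the history mixes more than outcome bits, which is exactly why the paper's reverse-engineering of the history length, hash and indexing scheme is the prerequisite for the attacks.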

Publication
In ACM Conference on Computer and Communications Security 2026