The Broadband Guide
search advanced

New iLeakage attack steals emails, passwords from Apple Safari

2023-10-26 15:59 by
Tags: , ,


Academic researchers have recently discovered and named a new speculative side-channel attack called iLeakage, which has the potential to extract sensitive information from the Safari web browser on all recent Apple devices. This marks the first demonstration of a speculative execution attack against Apple Silicon CPUs and the Safari browser. It can be used to retrieve with "near perfect accuracy" data from Safari, as well as Firefox, Tor, and Edge on iOS.

The researchers warn the flaw also affects all browsers on iOS since Apple requires third-party browsers to use its WebKit engine on the operating system. Fortunately, the technique requires a high level of technical knowledge to pull off, which is perhaps the main reason why speculative execution attacks have never caught on in the cybercriminal community.

It's expected that Apple will be able to patch the flaw before attackers are able to replicate the work carried out by the security researchers to discover how to exploit it. Indeed, the fact that they have chosen to share as much information as they have in advance of a patch is a sign of that confidence.

Users don't need to panic about iLeakage. A future update will likely address the iLeakage attack vector, and there is already a toggle in macOS Safari that mitigates iLeakage - though it's off by default.

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About