-
Researchers have discovered an attack called iLeakage that exploits a side channel vulnerability in Apple's Safari browser, allowing hackers to access passwords and other sensitive information.
-
The attack requires reverse-engineering of Apple hardware and expertise in exploiting side channels, which leak secrets based on clues left in electromagnetic emanations or data caches.
-
iLeakage works by using JavaScript on a website to open a separate website and recover site content, such as YouTube viewing history and Gmail inbox content.
-
The attack takes about five minutes to profile the target machine and another 30 seconds to extract a 512-bit secret, such as a password.
-
While iLeakage works against Macs only when running Safari, iPhones and iPads can be attacked when running any browser because they're all based on Apple's WebKit browser engine.
-
Apple is aware of the vulnerability and plans to address it in an upcoming software release.
[link] [comments]
from hacking: security in practice https://ift.tt/VqiWD5X
Comments
Post a Comment