Scholars have recently identified a Safari vulnerability termed “iLeakage“, which specifically affects Apple devices using the A and M-series CPUs, prevalent in iOS, iPadOS, and macOS gadgets.
This flaw permits intruders to access confidential details from the Safari internet browser. It achieves this by making Safari display a specific web page and then retrieving the delicate data through speculative execution.
For a successful breach, the intruder needs the unsuspecting Safari user to access a harmful site. This site then instantaneously opens another webpage from which data is intended to be stolen. Realistically, this security gap could be manipulated through a harmful website to access contents of a Gmail inbox or even retrieve passwords saved by password management tools.
The security gap affects all Apple devices introduced since 2020, which use Apple’s ARM-based A-series and M-series chips. Apple was informed about this issue on 12th September 2022.
While Apple has provided a remedy for this on macOS Safari, it isn’t activated by default and has been reported to be unstable by the experts. It is anticipated that Apple will rectify this vulnerability before potential attackers can mimic the methods used by these security experts to find and exploit the loophole. To maintain security, it’s recommended that users regularly update their Safari browser and apply the most recent security patches via the Apple Software Update.
See also:
- https://thehackernews.com/2023/10/ileakage-new-safari-exploit-impacts.html?m=1
- https://www.securityweek.com/ileakage-attack-exploits-safari-to-steal-sensitive-data-from-macs-iphones/
- https://9to5mac.com/2023/10/26/ileakage/
- https://www.techrepublic.com/article/apple-ios-ileakage/
- https://www.pcmag.com/news/ileakage-flaw-can-prompt-apples-safari-to-expose-passwords-sensitive-data
- https://ileakage.com