Vulnerability discovered in iOS and macOS allows stealing passwords and other data from Safari
Security researchers have recently uncovered a significant vulnerability in Apple's iOS and macOS operating systems, which has been dubbed "iLeakage." This vulnerability poses a serious threat to users, allowing malicious actors to exploit Apple's Safari browser for the theft of passwords, emails, payment information, and other sensitive data.
According to the researchers, there have been no confirmed cases of malicious exploitation of this vulnerability at the moment. However, the potential threat remains highly concerning.
The iLeakage vulnerability becomes evident during a user's web browsing session. In this scenario, another web resource with malicious code is secretly launched in the background to compromise memory isolation. The flaw lies in the WebKit browser engine's practice of grouping websites from different domains into a single process using the JavaScript function window.open. Consequently, malicious websites gain access to shared memory, enabling them to extract confidential data from the entire process.
Security researchers have demonstrated how they were able to successfully compromise logins and passwords from several popular social networks, recover emails from Gmail, access YouTube viewing histories, and even collect data from Safari's autofill feature.
iLeakage affects devices equipped with A12, M1, and newer processors. The vulnerability has been identified exclusively in browsers based on WebKit. This means it impacts all browsers available on iOS devices, while on macOS, it affects Safari exclusively.
It is worth noting that in 2018, similar vulnerabilities known as Spectre and Meltdown were discovered in AMD and Intel processors. In response to these findings, companies issued patches, and Apple improved its security system to defend against such attacks by incorporating safeguards into its own chips. However, as reported by researchers, iLeakage manages to bypass these security measures.
It is essential to highlight that, despite the significant threat posed by iLeakage, launching an attack utilizing this vulnerability requires a deep understanding of Apple's processor architecture and experience with similar vulnerabilities. This complexity may explain why the vulnerability has not been exploited by malicious actors thus far. Nonetheless, Apple is aware of the issue and is preparing the necessary updates to mitigate the risk.
- Related News
- iPhone 16 may get colored matte glass back panel, 7 colors
- When will Apple release Vision Pro 2 headset?
- Closing of iPhone factory in China has spawned a new ghost town
- New iPad Pro to receive M4 chip and to be more powerful than Apple computers
- iOS 18: What to expect from new version of Apple's operating system?
- Insider shows mockups of all 4 iPhone 16 models
- Most read
month
week
day
- 10 most interesting architectural works of Zaha Hadid 855
- Alphabet will pay dividends for the first time in its history 840
- Google is developing a budget smartwatch 806
- Large taxpayers of Armenia’s IT sector: What changes have taken place in 2024 Q1? 744
- iPhone users can now login into WhatsApp without password 728
- Insider shows mockups of all 4 iPhone 16 models 701
- Digital Julfa Network is launching a pan-Armenian centre in the metaverse, on the Fastexverse virtual platform 675
- 8800 mAh battery, 2.4K IPS screen, thermal imager: Blackview has introduced a new ultra-durable smartphone 642
- iPhone sales in China drop by about 20%: What is the reason? 620
- Sparkles: Boston Dynamics unveils a furry robot dog that can dance (video) 604
- Archive