Here's how you can pet a dog and score an achievement in MWZ.
'iLeakage' Flaw Can Prompt Apple's Safari to Expose Passwords, Sensitive Data
26.10.2023 - 03:43 / pcmag.com
Security researchers have discovered a vulnerability in Apple products that can be abused to force the Safari browser to leak a user’s login credentials and other sensitive data to a hacker.
On Wednesday, a team of researchers—which includes Daniel Genkin, a cybersecurity professor at Georgia Tech—published a paper and website warning users about the threat. The vulnerability, dubbed “iLeakage,” affects Macs and iPhones from 2020 and onwards that were built with the company’s Arm-based A-series and M-series chips.
The flaw builds off an existing attack technique that’s been used on CPUs for the past six years. Back in 2018, security researchers disclosed that all modern CPUs can be manipulated to leak sensitive information by exploiting an integral feature on the processors called “speculative execution.”
Through speculative execution, a chip can essentially prefetch instructions, cutting down on load times. However, the same feature can pre-fetch sensitive data, which can be leaked through “side channels” on a PC, like the state of the memory cache, giving hackers a way to peek at the normally protected information.
Although the tech industry has developed various ways to lessen the threat, Genkin and his team discovered that speculative execution attacks can also affect Apple’s Arm-based chips. The threat allowed them to create a proof-of-concept attack using a malicious website that can essentially siphon protected information from the Safari browser.
The attack works partly by harnessing the JavaScript window.open API. Researchers noticed the function can bring the victim’s website data into the same address space of their malicious website, giving them a way to read any leaked sensitive information from a targeted Mac or iPhone.
"Thus, we created an attacker page that binds window.open to an onmouseover event listener, allowing us to open any web page in our address space whenever the target has their mouse cursor on the page," the team's research paper says. "We note that even if the target closes the opened page, the contents in memory are not scrubbed immediately, allowing our attack to continue disclosing secrets."
In three video demos, the team showed the attack works if a user visits the malicious website. The page can then be triggered to open a new window to whatever website the hackers wants to siphon secrets from, like a Gmail inbox or a YouTube watch history. In one video, the malicious site opens a window for the Instagram login page. The attack then proceeds to steal the username and password autofilled with the user’s Safari browser.
The researchers warn the flaw also affects all browsers on iOS since Apple requires third-party browsers to use its WebKit engine on the
The website gametalkz.com is an aggregator of news from open sources. The source is indicated at the beginning and at the end of the announcement. You can send a complaint on the news if you find it unreliable.
Top Authors
Popular Topics
gamespot.com
10.11.2023 / 21:23
Metroid Fans Can Save On This Amiibo Double Pack Ahead Of Black Friday 2023
This twin-pack of Amiibo figures is a must-have for Metroid Dread fans.
gamespot.com
10.11.2023 / 06:11
New Costco Members Can Get A Free $40 Gift Card
Beyond groceries, Costco often slashes prices on games, TVs, laptops, and other popular electronics.
gamingbolt.com
10.11.2023 / 02:25
Remnant 2: The Awakened King Can be Played in Co-Op Without Everyone Owning the DLC
Developer Gunfire Games has revealed that the upcoming Remnant 2 DLC, The Awakened King, can be played in co-op multiplayer without all players owning the DLC. The studio stated on social media that players that don’t own the DLC can still join players that do.
pcgamer.com
09.11.2023 / 22:29
The Steam Deck's new clear plastic limited edition is giving me overpowering OLED envy, but I can't keep blowing money on these things
Like many in my millennial age cohort, I've got a sickening nostalgic obsession with clear plastic electronics: Game Boys, OG MacBooks, Discmen. It's god's own design language, I tell you, not just rosy memories of the late '90s and early aughts! No doubt taking note of the many aftermarket solutions for giving the Steam Deck a clear plastic makeover, Valve's gone ahead and made its own, official version.
gamesradar.com
09.11.2023 / 22:25
This gorgeous Metroidvania has it all: Mexican folklore, tasty-looking food, and "combat-oriented" gameplay
In another life, I'm a food critic. Tasting dishes from different cultures is undoubtedly my greatest passion next to video games, and so I ask that you forgive me before I go on way too long about the wonderfully rendered traditional Mexican cooking in the upcoming Metroidvania Mariachi Legends.
gamepur.com
08.11.2023 / 18:35
Pokemon Go Teams Up With McDonalds To Bring More PokeStops To Canada
Pokemon Go is no stranger to brand partnerships, bringing Sponsored PokeStops to several businesses across many countries. Now, they’ve partnered with McDonald’s to create Sponsored PokeStops across Canada.
gamesindustry.biz
08.11.2023 / 16:51
GamesIndustry.biz crowns 2023 Best Places To Work Awards Canada winners
We can at last reveal the winners of the 2023 Canada GamesIndustry.biz Best Places To Work Awards.
pcgamesinsider.biz
08.11.2023 / 10:13
Ubisoft to cut 98 jobs across its Canadian business
French publishing giant Ubisoft is making cuts to its Canadian offices.
pcgamer.com
07.11.2023 / 21:45
The layoffs continue: Ubisoft cuts 124 jobs worldwide, including nearly 100 in Canada
The game industry has suffered yet another round of layoffs, as Ubisoft confirms that it has cut 124 employees worldwide as part of an ongoing restructuring effort. The bulk of that number, 98 in total, were let go from Ubisoft's business administrative services and IT in Canada, as well as the Hybride VFX studio in Montreal.
wccftech.com
06.11.2023 / 22:09
Apple’s Macs Can Now Detect Any Liquid Found In The USB-C Ports, Helping Cut Down False Warranty Claims
Apple reportedly provides legendary warranty service to its customers, but there are occasions in which Mac owners attempt to claim false warranty, especially when it comes to hardware that no longer works because of liquid damage. Before, it was impossible to detect if any Macs’ USB-C port was damaged due to liquid entry, but everything will change going forward.
gamesreviews.com
02.11.2023 / 14:21
First Look Steam Review: Can Scrooge redeem himself and save London before Christmas, in this 2D Victorian Metroidvania
It all began with Jacob Marley. We all remember that Jacob Marley was put in chains for being materialistic and greedy. Well, what if other ghosts existed that were also punished in the same way? What if there were many ghosts in London and all had their own punishments? Well, Orbit Studio used this idea and created something extraordinary.