A hacker attack dubbed “Leakage” managed to force Apple’s “Safari” browser to reveal passwords, email contents and more due to a vulnerability in CPUs.
The good news, however, is that it was done for a good cause, namely by a team of university researchers from “Georgia Tech”, the University of Michigan and “Ruhr Bochum” University, who decided to test the system’s resilience.
Hackers against “Safari”
“We show how a malicious user can trick ‘Safari’ into displaying a random web page and then retrieve the sensitive information contained within it using the ‘speculative execution’ feature,”
write the researchers in their note. They then state:
“Specifically, we demonstrate how ‘Safari’ allows a malicious website to retrieve secrets from popular high-value targets, such as the contents of Gmail inboxes. Finally, we demonstrate the recovery of passwords, in case they are automatically filled in by ‘password managers'”.
An Apple spokesperson said that “iLeakage” improves the company’s understanding and that they are aware of the vulnerability and plan to fix it in a future version of the software.
Source:
(Συνολικές Επισκέψεις: / Total Visits: 27)
(Σημερινές Επισκέψεις: / Today's Visits: 1)