Security News > 2023 > October > Apple Vulnerability Can Expose iOS and macOS Passwords, Safari Browsing History
The vulnerability, which the researchers named iLeakage, enables threat actors to read Gmail messages, reveal passwords and uncover other personal information.
The iLeakage vulnerability has not yet been exploited in the wild as of October 27.
ILeakage is important to know about because of its novel approach and because the number of devices potentially open to exploitation through iLeakage is so high.
Apple has enabled a mitigation for iLeakage in macOS Ventura 13.0 and newer releases, but it takes some work to find it.
To activate the mitigation, follow the instructions posted on the iLeakage site under "How can I defend against iLeakage?" to access Safari's debugging menu.
iLeakage can be hard to trace because it doesn't appear in the system's log files, the researchers said; instead, iLeakage resides entirely within Safari.
News URL
https://www.techrepublic.com/article/apple-ios-ileakage/
Related news
- Oracle warns that macOS 14.4 update breaks Java on Apple CPUs (source)
- Hardware-level Apple Silicon vulnerability can leak cryptographic keys (source)
- New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys (source)
- New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers (source)
- Hardware Vulnerability in Apple’s M-Series Chips (source)
- Apple's 'incredibly private' Safari is not so private in Europe (source)