VTA-004468 – Apple Vulnerability Exploitation Allows Attackers to Recover Sensitive Information from Safari
This exploit is present in devices running IOS or macOS with either the A-series or M-series CPUs which is present in all recent iPhones and iPads. Additionally, Laptops and Desktops from apple from 2020 and onwards are also vulnerable to this exploit. What makes iLeakage a big threat is that it is highly unlikely to be detected as the exploit does not leave a trace in the system’s log files and runs on the Safari browser. However, there may be a chance that the attacker’s webpage that is hosting iLeakage may be present in the browser cache of recently visited pages. While there are no traces of iLeakage being abused by malicious entities, it is extremely difficult to carry out the attack end-end and requires an advanced knowledge of browser-based side-channel attacks and Safari’s implementation. The group of academics who devised iLeakage has notified Apple about this particular exploit and Apple has implemented a mitigation for this exploit on macOS.
Technical Impact Analysis:
Loss of Confidentiality
Business Impact Analysis:
SuperPRO’s Threat Countermeasures Procedures:
1. Ensure update your device OS to latest version.
2. Implement password best practices for ensuring online security and protecting sensitive information.
3. Raise the awareness of website browsing.
4. Enable Two-Factor Authentication to add an extra layer of security.
6. Regularly back-up to ensures that even if your system is compromised, your critical data remains safe.
Contributed by: Sherman