A recent disclosure by security researchers indicates that the browser Safari of Apple, which works with processors of its A and M series companys, it is vulnerable to an attack, exposing passwords, Gmail content and more.
The attack, called iLeakage, appears to be quite competent in terms of exposure data, although its execution requires expertise.
The iLeakage attack, explained in simpler terms, exploits a vulnerability known as a side channel channel). Such vulnerabilities expose data based on remnants or traces from data caches, among others.
A distinct feature of modern CPUs, known as speculative execution, is the side channel used. This feature, although released to improve performance, has become the foundation for too many attacks in recent years.
In the practical application of this discovery, when a vulnerable macOS or iOS device accesses a website like iLeakage, the website asks the device to open another website.
https://www.youtube.com/watch?v=Z2RtpN77H8o
So an attacker could, in theory, gain access to a user's YouTube viewing files, the contents of a Gmail account, or even auto-filled passwords.
However, for the exploit to be fully effective, the target device must first spend five minutes on the malicious profiling site. Data extraction could then take an additional 30 seconds on average.
