Conversation

Notices

1. Embed this notice
   Dan Goodin (dangoodin@infosec.exchange)'s status on Tuesday, 31-Oct-2023 02:50:06 JST Dan Goodin

   A reminder that ALL browsers running on iOS are vulnerable to iLeakage, the attack that allows hackers to steal passwords and other sensitive data when you visit their booby-trapped websites. It's not just Safari on iOS, although that's the only browser affected on macOS. Currently, there's no patch available.

   https://arstechnica.com/security/2023/10/hackers-can-force-ios-and-macos-browsers-to-divulge-passwords-and-a-whole-lot-more/

   • Embed this notice
     feld (feld@bikeshed.party)'s status on Tuesday, 31-Oct-2023 02:50:05 JST feld

     in reply to
     @dangoodin yes but basically nobody on the planet has the ability to exploit it
     
     > An attacker needs to not only have years of experience exploiting speculative execution vulnerabilities in general but also have fully reverse-engineered A- and M-series chips to gain insights into the side channel they contain.
     
     You're gonna make people freak out over something that only people who are being targeted by state actors should care about
   • Embed this notice
     feld (feld@bikeshed.party)'s status on Tuesday, 31-Oct-2023 03:05:44 JST feld

     in reply to
     @dangoodin the same vulnerability *definitely* exists in every modern CPU with speculative execution. (all of them, essentially). It just hasn't been "discovered" yet.
     
     this is bad tech journalism... really irresponsible.
   • Embed this notice
     Dan Goodin (dangoodin@infosec.exchange)'s status on Tuesday, 31-Oct-2023 03:05:45 JST Dan Goodin

     in reply to

     • feld

     @feld

     Yes, I'm making people freak out.