Hãy viết lại bài viết dài kèm hashtag về việc đánh giá sản phẩm và mua ngay tại Queen Mobile bằng tiếng VIệt: New iLeakage attack can steal your emails and passwords on iPhones and Macs — how to stay safe

Mua ngay sản phẩm tại Việt Nam:
QUEEN MOBILE chuyên cung cấp điện thoại Iphone, máy tính bảng Ipad, đồng hồ Smartwatch và các phụ kiện APPLE và các giải pháp điện tử và nhà thông minh. Queen Mobile rất hân hạnh được phục vụ quý khách….
_____________________________________________________
Mua #Điện_thoại #iphone #ipad #macbook #samsung #xiaomi #poco #oppo #snapdragon giá tốt, hãy ghé [𝑸𝑼𝑬𝑬𝑵 𝑴𝑶𝑩𝑰𝑳𝑬] ✿ 149 Hòa Bình, phường Hiệp Tân, quận Tân Phú, TP HCM
✿ 402B, Hai Bà Trưng, P Tân Định, Q 1, HCM
✿ 287 đường 3/2 P 10, Q 10, HCM
Hotline (miễn phí) 19003190
Thu cũ đổi mới
Rẻ hơn hoàn tiền
Góp 0%

Thời gian làm việc: 9h – 21h.

KẾT LUẬN

Hãy viết đoạn tóm tắt về nội dung bằng tiếng việt kích thích người mua: New iLeakage attack can steal your emails and passwords on iPhones and Macs — how to stay safe

If you thought your , think again. Academic researchers have developed a new attack method that can steal sensitive data from anyone using Safari on their Apple devices.

As reported by , this new side-channel attack has been given the name by a team of researchers from Georgia Tech, University of Michigan and Ruhr University Bochum. When launched on a vulnerable Apple device, this attack can be used to steal emails, passwords, and other important data right from Safari. However, it also works on Firefox, Tor, and Edge on iOS.

, as well as the using Apple Silicon. This means that newer Macs running , and potentially even Apple’s upcoming chips are impacted.

While iLeakage was developed by academic researchers, and shares a lot of similarities with 2018’s which affect Intel CPUs, it currently isn’t being used in the wild by hackers in their attacks. However, now that we know Apple Silicon is vulnerable to this type of attack, hackers could develop their own implementation of iLeakage or create a similar attack method in the future.

Stealing emails and passwords from Apple devices

As iLeakage is a novel attack method, it’s quite complicated and you can see all the details in this (PDF) written by the team that developed it. 

Essentially, the attack works by forcing Safari to render an arbitrary webpage and then sensitive information within it is recovered using speculative execution. The researchers managed to do this by overcoming the side-channel protections — like the low-resolution timer, compressed 35-bit addressing and value poisoning — that Apple has implemented in Safari. 

They also employed speculative type confusion to bypass these restrictions, and this allowed them to leak sensitive data such as emails and passwords from a targeted page. In a series of YouTube videos (, , ), the researchers showed how they were able to as well as retrieve a password from an Instagram test account that was auto-filled in Safari using .

From here, they took things a step further by demonstrating how iLeakage attacks also work on Chrome for iOS. This is possible because Apple’s policy requires all third-party browsers for iOS to actually be overlays running on top of Safari which uses its JavaScript engine.

While Apple has yet to formally comment on these new iLeakage attacks, in an email to Tom’s Guide, an Apple spokesperson revealed the company is aware of the issue and that it will be addressed in its next scheduled software release.

How to stay safe from iLeakage 

All Apple devices released from 2020 onwards that use either the company’s A-Series or M-Series ARM processors are impacted by iLeakage. Since this attack is essentially undetectable, as it leaves no trace on a victim’s devices, you may be wondering what you can do to stay safe.

Fortunately, the researchers behind iLeakage privately disclosed this new attack to Apple back in September of last year and the company developed mitigations for macOS. It’s worth noting that the researchers say that this attack is difficult to carry out since advanced knowledge of browser-based side-channel attacks, and Safari’s implementation are required to do so. Still though, if you’re worried, here are some steps you can take to keep your Mac safe if you’re running or higher.

To start, open Terminal on your Mac and run “defaults write com.apple.Safari IncludeInternalDebugMenu 1” to enable Safari’s hidden debug menu. Now when you open Safari, its Debug menu will be visible and you can use it to open the “WebKit Internal Features” setting. When scrolling through this menu, you need to activate “Swap Processes on Cross-Site Window Open.” While this will protect you, it could introduce some stability issues on your Mac. For this reason, you might want to hold off on doing this and wait for Apple to formally address iLeakage in its next major software update.

As for protecting your Mac from malware and other viruses, you should also consider installing the as well. Likewise, and can scan your iPhone or iPad for malware but they need to be plugged into your Mac using a USB cable to do so.

Unlike that are often used by hackers in their attacks, iLeakage is a proof of concept which shows that Apple Silicon is vulnerable to side-channel attacks just like processors from Intel, AMD and other chip makers. We could potentially find out more in the future but this won’t happen until a fix for iLeakage is rolled out and even then, Apple tends to play things close to the chest regarding vulnerabilities and new attack methods.

More from Tom’s Guide

Xem chi tiết và đăng kýXem chi tiết và đăng ký