Safari Flaw Can Expose iPhone Users in the EU to Tracking
Apple's implementation of installing marketplace apps from Safari is heavily flawed and can allow a malicious marketplace to track users across websites
iLeakage
We present iLeakage, a transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones. iLeakage shows that the Spectre attack is still relevant and exploitable, even after nearly 6 years of effort to mitigate it since its discovery. We show how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution. In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.
Mettez à jour iOS ! WebKit contient une vulnérabilité dangereuse
Apple a publié iOS 15.3.1 pour corriger la vulnérabilité CVE-2022-22620 de WebKit, qui serait activement exploitée par les cybercriminels. version EN
Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw
"Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year."
Mettez à jour iOS ! WebKit contient une vulnérabilité dangereuse
Apple a publié iOS 15.3.1 pour corriger la vulnérabilité CVE-2022-22620 de WebKit, qui serait activement exploitée par les cybercriminels. [version EN](https://www.kaspersky.com/blog/webkit-vulnerability-cve-2022-22620/43650/)
Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw
"Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year."
Mettez à jour iOS ! WebKit contient une vulnérabilité dangereuse
Apple a publié iOS 15.3.1 pour corriger la vulnérabilité CVE-2022-22620 de WebKit, qui serait activement exploitée par les cybercriminels. [version EN](https://www.kaspersky.com/blog/webkit-vulnerability-cve-2022-22620/43650/)
Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw
"Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year."