OVERKILL
$100 Site Donor 2021
An interesting "proof of concept" exploit has been developed that leverages a lack of rigour in the speculative execution protection mechanism on Apple native silicon (A-series and M-series CPU's), allowing data leakage.
The demonstration used a website that spawns a pop-up that leaks data from the other tabs you have open, including autofill usernames and passwords. They were also able to capture e-mail contents from a gmail window.
The exploit only works on Safari on MacOS, but works on all browsers on iOS, since they all use Apple's WebKit.
More details on it here:
Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica
The demonstration used a website that spawns a pop-up that leaks data from the other tabs you have open, including autofill usernames and passwords. They were also able to capture e-mail contents from a gmail window.
The exploit only works on Safari on MacOS, but works on all browsers on iOS, since they all use Apple's WebKit.
More details on it here:
Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica