VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities
We present iLeakage, a transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones. iLeakage shows that the Spectre attack is still relevant and exploitable, even after nearly 6 years of effort to mitigate it since its discovery. We show how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution. In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.
iLeakage is practical and requires minimal resources. A patch isn't (yet) available.
Apple, Microsoft, Google, Amazon: the tech giants are all adopting passkeys as an alternative to passwords. The system also has appeal for businesses, both for its security and for its simplicity, which promises fewer calls to technical support to reset a password.
The Bluetooth spam feature that was initially used to inundate, and even crash, iPhones has now been expanded to cover Android and Windows devices.
Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability.
CVE-2023-4966 affects NetScaler ADC and NetScaler Gateway and, if exploited, could result in unauthorized data disclosure.