
Yesterday a group of researchers disclosed a new "iLeakage" vulnerability that affects WebKit:

We show how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution. In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.

The vulnerability can be mitigated in Safari on macOS by enabling the experimental debug flag "Swap Processes on Cross-Site Window Open", while it has no known mitigation for iOS as of now.

  • Can you confirm whether Orion is affected on iOS and macOS?
  • If Orion is affected, is there a way to enable the WebKit mitigation in a similar way to Safari?

      I'm going to pre-emptively note here:

      It seems "Swap Processes on Cross-Site Navigation" is enabled by default on Orion/Orion RC (and on Safari, for that matter), but the disclosure talks about "Swap Processes on Cross-Site Window Open".

      Those seem to be two different things and I don't see the latter at all.

        spicysalmon: You're correct. We're working on enabling "Swap Processes on Cross-Site Window Open" by default in an upcoming build.
