Enlarge (credit: Kim et al.)

Researchers have devised an attack that forces Apple’s Safari browser to divulge passwords, Gmail message content, and other secrets by exploiting a side channel vulnerability in the A- and M-series CPUs running modern iOS and macOS devices.

iLeakage, as the academic researchers have named the attack, is practical and requires minimal resources to carry out. It does, however, require extensive reverse-engineering of Apple hardware and significant expertise in exploiting a class of vulnerability known as a side channel , which leaks secrets based on clues left in electromagnetic emanations, data caches, or other manifestations of a targeted system. The side channel in this case is speculative execution, a performance enhancement feature found in modern CPUs that has formed the basis of a wide corpus of attacks in recent years. The nearly endless stream of exploit variants has left chip makers—primarily Intel and, to a lesser extent, AMD—scrambling to devise mitigations.

Exploiting WebKit on Apple silicon

The researchers implement iLeakage as a website. When visited by a vulnerable macOS or iOS device, the website uses JavaScript to surreptitiously open a separate website of the attacker’s choice and recover site content rendered in a pop-up window. The researchers have successfully leveraged iLeakage to recover YouTube viewing history, the content of a Gmail inbox—when a target is logged in—and a password as it’s being autofilled by a credential manager. Once visited, the iLeakage site requires about five minutes to profile the target machine and, on average, roughly another 30 seconds to extract a 512-bit secret, such as a 64-character string.

Enlarge / Apple AI executive and former Google search lead John Giannandrea. (credit: Steve Jennings / TechCrunch / Flickr )

In iOS 17 , Apple recently made it easier to use alternatives to Google search in private browsing mode—but the company considered going even further by making DuckDuckGo, which is marketed as a more private alternative, the default choice in that context.

As reported by Bloomberg's Leah Nylen, the information came to light when Amit Mehta, the US District Judge who is handling the US antitrust trial over Google search, unsealed transcripts of testimonies by DuckDuckGo CEO Gabriel Weinberg and Apple SVP of machine learning and AI strategy John Giannandrea. Giannandrea worked as Google's head of search before his current role at Apple .

Weinberg claimed in his testimony that his company had 20 or so meetings with Apple about the possibility and that he believed the change would happen based on prior DuckDuckGo integrations make their way into Safari. He even said this was the one proposed integration that didn't make it "all the way through the finish line."

Enlarge (credit: Andrew Cunningham)

Apple released its first public beta for macOS Sonoma (among other operating systems) this month, and per usual, headlining features like desktop widgets have gotten a lot of coverage. We'll take a more comprehensive look at the big-ticket items in our review later this fall, but there are always some features and changes worth discussing that get buried or lost in the shuffle. Here are a few deeper cuts we've played with so far.

Better screen sharing

The new Screen Sharing app, which is actually an app and not just a window you type an IP address into. Note the mix of Macs and PCs. (credit: Andrew Cunningham)

Apple first added basic screen sharing support to macOS back in 2007, with version 10.5 (Leopard). Screen sharing did use a dedicated app, but it was hidden in macOS' system folders rather than in the Applications or Utilities folders—it was really only intended to be launched indirectly, either using the Finder or the Connect to Server menu . If you did launch it directly, its interface was a simple "connect to" dialog where you could enter your desired hostname or IP address. Functional, but minimalist.

Screen Sharing in Sonoma revamps the app itself, as well as how the underlying technology works. You'll now find a Screen Sharing app in the Utilities folder (the same place as Terminal, Disk Utility, and others), signaling that Apple has made it a full-fledged app. The new Screen Sharing app looks a bit like a (very) light, feature-limited version of the Remote Desktop management software, with a list of all computers you've connected to in the past, the ability to see all computers on your local network with screen sharing enabled, and the option to create groups of computers so you can easily sort systems based on how you use them.

Enlarge (credit: Getty Images )

A secretive seller of cyberattack software recently exploited a previously unknown Chrome vulnerability and two other zero-days in campaigns that covertly infected journalists and other targets with sophisticated spyware, security researchers said.

CVE-2022-2294, as the vulnerability is tracked, stems from memory corruption flaws in Web Real-Time Communications , an open source project that provides JavaScript programming interfaces to enable real-time voice, text, and video communications capabilities between web browsers and devices. Google patched the flaw on July 4 after researchers from security firm Avast privately notified the company it was being exploited in watering hole attacks, which infect targeted websites with malware in hopes of then infecting frequent users. Microsoft and Apple have since patched the same WebRTC flaw in their Edge and Safari browsers, respectively.

Avast said on Thursday that it uncovered multiple attack campaigns, each delivering the exploit in its own way to Chrome users in Lebanon, Turkey, Yemen, and Palestine. The watering hole sites were highly selective in choosing which visitors to infect. Once the watering hole sites successfully exploited the vulnerability, they used their access to install DevilsTongue , the name Microsoft gave last year to advanced malware sold by an Israel-based company named Candiru.