November 1, 2023

Client Alert: Apple iLeakage Vulnerability

by: Align

On Tuesday, October 31st, Apple identified a vulnerability called iLeakage.

What are the Vulnerabilities?

We have been informed of an exploited vulnerability from Apple called iLeakage, a transient execution side channel that targets the Safari web browser on Macs, iPads and iPhones.

Who is Affected?

This affects owners of:

  • Apple iPhones, iPads and Macs

Current Status

  • Apple claims to still be working on the software release. No ETA on when the patch will be released.

What's the risk? 

Safari allows a malicious webpage to recover secrets from popular, high-value targets such as Gmail inbox content.

Workaround for iPhone

  1. Avoid using AutoFill into a webpage, see instructions below:

You can turn off AutoFill for your contact or credit card information, and for passwords.

Turn off AutoFill for your contact and credit card information: Go to Settings > Safari > AutoFill, then turn off either option.

Turn off AutoFill for passwords: Go to Settings > Passwords, unlock the screen, tap Password Options, then turn off AutoFill Passwords and Passkeys.

  2. Optional: Turn on Lockdown mode (About Lockdown Mode - Apple Support)

Note: This feature can cause Safari to render some websites incorrectly or incompletely, and some advanced web features such as online payments may not work.

  3. Mitigation for Mac: Apple has provided a mitigation for the issue, but does not enable it by default, and marks it unstable. If you are interested in learning more about this option, please contact us to review how Align can assist with managing configuration settings on your Mac.

The Align team will be watching closely for Apple’s release, since the workarounds above are not final solutions.


Do you have other cybersecurity concerns?

If so, we advise you to contact the Align Managed Services team at help@align.com or via phone at +1 855-IT-ALIGN (1-855-482-5446)

Thank you,

The Align Team

Account Management Team email: AccountMGMT@align.com
Align Managed Services Team email: help@align.com 
Cyber Team email - cyber@align.com
Alex Bazay, CISO - abazay@align.com
Dan Lyons, Sales and Business Development - dlyons@align.com
Phone: 1 855-IT-ALIGN (1-855-482-5446)
