Client Alert: Apple iLeakage Vulnerability

Written by Align | 2023

On Tuesday, October 31st, Apple identified a vulnerability called iLeakage.

What are the Vulnerabilities?

We have been informed of an exploited Apple vulnerability called iLeakage, a transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones.

Who is Affected?

This affects owners of:

  • Apple iPhones, iPads and Macs

Current Status

  • Apple claims to still be working on the software release. No ETA on when the patch will be released.

What's the risk? 

Safari allows a malicious webpage to recover secrets from popular, high-value targets such as Gmail inbox content.

Workaround for iPhone

  1. Avoid using AutoFill on webpages; see the instructions below:

You can turn off AutoFill for your contact or credit card information, and for passwords.

Turn off AutoFill for your contact and credit card information: Go to Settings > Safari > AutoFill, then turn off either option.

Turn off AutoFill for passwords: Go to Settings > Passwords, unlock the screen, tap Password Options, then turn off AutoFill Passwords and Passkeys.

  2. Optional: Turn on Lockdown mode (About Lockdown Mode - Apple Support)

Note: This feature can cause Safari to render some websites incorrectly or incompletely, and some advanced web features such as online payments may not work.

  3. Mitigation for Mac: Apple has provided a mitigation for the issue, but does not enable it by default, and marks it unstable. If you are interested in learning more about this option, please contact us to review how Align can assist with managing configuration settings on your Mac.

The Align team will be watching closely for Apple's release, since the workarounds above are not final solutions.

Do you have other cybersecurity concerns?

If so, we advise you to contact the Align Managed Services team at help@align.com or via phone at +1 855-IT-ALIGN (1-855-482-5446)

Thank you,

The Align Team

Account Management Team email: AccountMGMT@align.com
Align Managed Services Team email: help@align.com
Cyber Team email: cyber@align.com
Alex Bazay, CISO - abazay@align.com
Dan Lyons, Sales and Business Development - dlyons@align.com
Phone: 1 855-IT-ALIGN (1-855-482-5446)