Nov. 19, 2023, 4:01 a.m. | Victor Miller

The RISKS Digest

[...] We show how an attacker can induce Safari to render an arbitrary
webpage, subsequently recovering sensitive information present within it
using speculative execution. In particular, we demonstrate how Safari allows
a malicious webpage to recover secrets from popular high-value targets, such
as Gmail inbox content. Finally, we demonstrate the recovery of passwords,
in case these are autofilled by credential managers.

Virtually all modern CPUs use a performance optimization where they predict
if a branch instruction will be taken or …

attacker case gmail high ileakage information malicious passwords popular recover recovery safari secrets sensitive sensitive information speculative execution value

Security Specialist

@ Protect Democracy | Remote, US

Cybersecurity Systems Security Engineer II-T

@ ManTech | 809AR - Ft Carson,Colorado Springs,CO

Security Engineer (Supporting NASA at JSC)

@ KBR, Inc. | USA, Houston, 2101 NASA Parkway, Building 21, Texas

Head of Security & IT

@ ORFIUM | Dublin, County Dublin, Ireland

Chief Privacy Officer

@ Nike | Santa Clara,CA

Security Engineer

@ SPINS | Chicago, IL