March 13, 2024 at 06:33AM A team of researchers from IBM and VU Amsterdam unveiled a new data leakage attack, GhostRace, affecting major CPU makers and software. The attack exploits speculative race conditions, allowing attackers to access sensitive information from memory. The researchers shared details of the attack, notified vendors, and released a proof-of-concept exploit … Read more
January 17, 2024 at 08:30AM Researchers discovered a new attack method, LeftoverLocals (CVE-2023-4969), exploiting a GPU vulnerability to access sensitive data from AI and other applications. LeftoverLocals can affect Apple, AMD, Qualcomm, and Imagination Technologies GPUs. Qualcomm and Apple are releasing patches, while AMD plans mitigations in March 2024. The vulnerability allows local attackers to … Read more
December 28, 2023 at 10:54AM Kaspersky’s GReAT team uncovered a hidden iPhone feature, exploited through CVE-2023-38606, allowing attackers to evade memory protection. The issue affected iPhones on iOS up to 16.6 and may have been for testing or debugging. The team’s thorough analysis revealed a sophisticated attack vector, demonstrating how even advanced hardware protection can … Read more