On Wednesday, Apple released security updates that fixed a vulnerability that kept a privacy-enhancing feature from working as intended. The vulnerability allowed users’ iPhones to be tracked across different Wi-Fi networks by the device’s static MAC address. While iOS replaces the device’s real MAC address in the data link layer with a generated address per network, it included the real MAC address in the AirPlay discovery requests that an iPhone starts sending when it joins a network. Apple said it has plugged the security hole by “removing the vulnerable code,” but offered no detailed explanation.
A group of researchers has also developed a side-channel attack that can extract sensitive information when a Safari user lands on a specially crafted webpage. The attack can also be leveraged against Chrome, Firefox, and Edge users on iOS. The researchers disclosed this information to Apple in September 2022, but there is still no fix available.
Read more: https://www.helpnetsecurity.com/2023/10/27/ileakage-attack-mac-address-leakage/