12 matches found
Pixel-stealing “Pixnapping” attack targets Android devices
Researchers at US universities have demonstrated how a malicious Android app can trick the system into leaking pixel data. That may sound harmless, but imagine if a malicious app on your Android device could glimpse tiny bits of information on your screen—even the parts you thought were secure,...
Pixnapping: Bringing Pixel Stealing out of the Stone Age
Pixel stealing attacks enable malicious websites to leak sensitive content displayed in victim websites. The idea, introduced by Stone in 2013, is to embed victim websites in iframes and use SVG filters to compute on, and create side channels as a function of, those websites' pixels. Fortunately,...
Linux Distros Unpatched Vulnerability : CVE-2023-44216
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attac...
CVE-2023-44216
PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...
EXAM: Exploiting Exclusive System-Level Cache in Apple M-Series SoCs for Enhanced Cache Occupancy Attacks
Cache occupancy attacks exploit the shared nature of cache hierarchies to infer a victim's activities by monitoring overall cache usage, unlike access-driven cache attacks that focus on specific cache lines or sets. There exists some prior work that target the last-level cache LLC of Intel...
CVE-2023-44216
PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...
CVE-2023-44216
PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...
UBUNTU-CVE-2023-44216
PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units GPU vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group...
CVE-2023-44216
PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...
CVE-2023-44216
PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...
CVE-2023-44216
The CVE-2023-44216 entry concerns PVRIC (PowerVR Image Compression) on Imagination 2018+ GPU devices. The vulnerability stems from software-transparent compression that enables cross-origin pixel-stealing attacks against SVG Filter functions like feTurbulence and feBlend (GPU.zip issue). Affected...