ROS-20250307-06

A vulnerability in the OpenSSL library is related to a temporary side-channel in the ECDSA signature computation. Exploitation of the vulnerability could allow a remote attacker to recover the private key...

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render...

Side-channels Related to the x86 PREFETCH Instruction

Bulletin ID: AMD-SB-1017 Potential Impact: Leaked kernel address space information Severity: Medium Summary Researchers from Graz University of Technology with CISPA Helmholtz Center for Information Security have demonstrated timing and power-based side channel attacks leveraging the x86 PREFETCH...

Q3 2018 Speculative Execution Side Channel Update

Summary: Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault L1TF. This method impacts select microprocessor products supporting Intel® Software Guard Extensions Intel® SGX. Further investigation by Intel has identified two related application...

CVE-2018-3626

Edger8r tool in the Intel SGX SDK before version 2.1.2 Linux and 1.9.6 Windows may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information...