Diversity is a good thing! Even if Apple claims the opposite when it comes to browser engines on iOS. When every browser runs WebKit, exploits like iLeakage put everyone at risk. Thanks for keeping us “safe”, Apple! 🙃
We present iLeakage, a transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones. … [W]e demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.