Oh no.

  • chicken@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    51
    ·
    1 year ago

    This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer.

    So just continue not letting people use my computer, got it. Very simple fix.

    • salient_one@lemmy.villa-straylight.social
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      1 year ago

      It appears that users in this case include agents such as software. A bit confusing for the general public.

      For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.

      Official website

      It can theoretically even be exploited via a browser:

      [Q] What about web browsers?

      [A] In theory, remotely exploiting this vulnerability from the web browser is possible. In practice, demonstrating successful attacks via web browsers requires additional research and engineering efforts.

      FAQ at the official website

    • dbilitated@aussie.zone
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      I think it also means software running can access other software’s memory which is probably bad but personally I’m not keen for that performance hit on my desktop