It's unclear if they even reported this issue to Apple.

matthewdgreen · on Oct 25, 2023

They reported it to Apple a long time ago, over a year I think. The problem appears to be that it's very hard to mitigate.

ETA: To be clear, this isn't me speculating. I spoke with one of the authors and asked this specific question. Apple hadn't shared the mitigation with them as of a few days ago.

fh9302 · on Oct 25, 2023

Thank you. Do you know if lockdown mode / disabling JIT would mitigate the issue?

matthewdgreen · on Oct 25, 2023

From what I’m told disabling JIT might do the job. With consequences to things breaking down.

saagarjha · on Oct 27, 2023

Disabling JIT would make it substantially harder to exploit.

MatthiasPortzel · on Oct 25, 2023

From the site (perhaps it was updated to include this?):

> We disclosed our results to Apple on September 12, 2022 (408 days before public release).

HatchedLake721 · on Oct 25, 2023

Interestingly, the YouTube videos are 13 months old.

thfuran · on Oct 25, 2023

That's when they reported it to apple.

cedws · on Oct 25, 2023

It's been reported

>At the time of public release, Apple has implemented a mitigation for iLeakage in Safari

However the site gives no details on timelines or a report at all.

(edit) They have added a "When did you notify Apple?" to the FAQ.

DannyBee · on Oct 25, 2023

Look at the faq

cedws · on Oct 25, 2023

See edit.