A researcher has disclosed the details of an unpatched vulnerability in Apple’s Safari web browser that can be exploited to steal files from a targeted user’s system.
The issue was discovered in April by Pawel Wylecial, a Poland-based security researcher and founder of cybersecurity services companies REDTEAM.PL and BlackOwlSec. Apple said at the time that it had started investigating the issue, but the tech giant told Wylecial in mid-August that it would only address it with a security update in the spring of 2021.
Apple asked the researcher to hold off disclosure until then, but Wylecial decided that it was too long and made his findings public this week.
The vulnerability is related to the Web Share API, which allows users to share links from Safari through third-party apps (e.g. email and messaging software).
“The problem is that file: scheme is allowed and when a website points to such URL unexpected behavior occurs. In case such a link is passed to the navigator.share function an actual file from the user file system is included in the shared message which leads to local file disclosure when a user is sharing it unknowingly,” Wylecial explained in a blog post.
Launching an attack requires convincing the targeted user to visit a malicious website and performing certain actions, but the researcher has described an attack scenario that could be successful.
He set up a website containing an image of a kitten and urging visitors to share it with their friends using a dedicated button on the page. When the user presses the button, they are asked to select the application they want to use to share a link t ..
Support the originator by clicking the read the rest link below.
