The security thread

Out of context: Reply #34

  • 39 Responses
  • sted1

    An unpatched vulnerability in Apple's Safari web browser could be exploited to allow for the transfer of local files from a victim's machine or mobile device. Although Apple requested the researcher to hold off on disclosing the vulnerability, the researcher felt the timeline for a patch was too long. Apple stated it would not release a patch until Spring 2021. The vulnerability abuses the Web Share API, which allows users to share links from Safari through third-party applications. Using the "file:" scheme, an attacker could pass a link to the navigator.share function containing a file from the user file system. To perform the attack, a user must be compelled to visit a malicious website and perform actions detailed on that website. The researcher provided a proof-of-concept with an innocuous image file, which he urged visitors to share amongst their friends. Upon pressing the share button, the user is presented with various ways by which to share the image. Should the user choose email, the code, image URL, and an arbitrary file are attached. Additionally, he was able to demonstrate the stealing of the passwd file. In some cases, the victim may not notice the attachment or the name of the attachment may not be displayed, giving the attacker a slight advantage as the attachment could be out of sight on the victim's screen. The victim would need to scroll down to see the attached file. This vulnerability affects devices running iOS 13.4.1 and 13.6, macOS Mojave 10.14.16 with Safari 13.1, and macOS Catalina 10.15.5 with Safari 13.1.1. Further details can be found in the links located within the Reference section below.

    • Boring. If there is no RCE, move on. If they want the /etc/passwd they could just ask, those are only system users...
      grafician
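Added example, not part of the thread and not Apple's or the researcher's code: a sketch of the check whose absence the post describes, applied to the data a page hands to navigator.share. The names checkShareData and SHAREABLE_SCHEMES, the http/https-only allowlist and the example.test URLs are assumptions made for illustration.

```javascript
// Hypothetical model of a user-agent-side check on navigator.share() input.
// Assumption: only http: and https: links are treated as shareable.
const SHAREABLE_SCHEMES = new Set(["http:", "https:"]);

function checkShareData(data, pageURL) {
  const { title, text, url, files } = data || {};
  const hasFiles = Array.isArray(files) && files.length > 0;
  if (title === undefined && text === undefined && url === undefined && !hasFiles) {
    return { ok: false, reason: "empty share data" };
  }
  if (url === undefined) {
    return { ok: true, url: null }; // text-only share, nothing to resolve
  }
  let resolved;
  try {
    // Resolve against the page URL so a relative link is judged by the
    // scheme it actually ends up with.
    resolved = new URL(String(url), pageURL);
  } catch (e) {
    return { ok: false, reason: "unparseable url" };
  }
  // The URL parser lowercases the scheme and drops tabs, newlines and
  // leading spaces, so "FILE:", " file:" and "fi\tle:" all become "file:".
  if (!SHAREABLE_SCHEMES.has(resolved.protocol)) {
    return { ok: false, reason: "scheme not shareable: " + resolved.protocol };
  }
  return { ok: true, url: resolved.href };
}

// Constructed sample inputs, evaluated against a constructed page URL.
const PAGE = "https://example.test/gallery/";
const SAMPLES = [
  { title: "Cute cat", url: "cat.png" },
  { title: "Cute cat", url: "file:///etc/passwd" },
  { title: "Cute cat", url: "FILE:///etc/passwd" },
  { title: "Cute cat", url: "fi\tle:///etc/passwd" },
  { text: "no link here" },
  { url: "http://" },
  {},
];

function runSamples() {
  return SAMPLES.map((s) => checkShareData(s, PAGE));
}

for (const r of runSamples()) console.log(JSON.stringify(r));
```

Comparing the parsed scheme rather than the raw string is what catches the upper-case and tab-split spellings of "file:".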
