Hackers can modify Safari on macOS to steal user data
Last year, Apple expanded its bug-hunting program. In addition to iOS, developers can now report macOS and watchOS bugs to Apple to receive generous rewards.
However, according to researcher Jeff Johnson, Apple has not been fast enough in fixing certain security holes.
Apple was notified of the macOS vulnerability 6 months ago
Six months ago, Jeff Johnson informed Apple of a vulnerability that allowed hackers to modify the Safari browser on macOS to steal user data. After a user is tricked into downloading a malicious file, a clone of Safari is created by modifying the original Safari on macOS. The clone is then granted access to the system, and hackers can take any sensitive files that the original Safari can access.
According to Johnson, this vulnerability stems from the fact that Apple's control systems on Macs do not fully check the authenticity of the file. This lets a clone version of Safari run on macOS without being blocked.
"We realized that an application containing malicious code could bypass the blocking system to access the ~/Library/Safari directory, which only the original Safari and Finder have access to. Two applications contain malicious code: one is a clone of Safari used to access carefully protected sensitive files, while the other application is responsible for modifying the original Safari to create the Safari clone and launch it.
Any application you download from the web can bypass macOS censorship. In the test, I was able to download user private data to a server I controlled easily because I could run any JavaScript statement," Johnson said.
But so far there is no remedy from Apple
More seriously, according to Johnson, Apple has not yet fixed this vulnerability. Johnson even continues to see it in the just-launched macOS 11 Big Sur beta. Apple seems to have forgotten about this problem, although Safari has received quite a few upgrades with macOS 11.
Johnson shared that Apple initially promised to fix the problem in the spring of 2020. However, in recent contact, Johnson received an answer that Apple is still investigating this vulnerability. Hopefully Apple will fix it before macOS 11 Big Sur is officially released.