Hackers can modify Safari on macOS to steal user data
Last year, Apple expanded its bug-hunting program. In addition to iOS, developers can now report macOS and watchOS bugs to Apple and receive generous rewards.
However, according to researcher Jeff Johnson, Apple has not been fast enough in fixing certain security holes.

Six months ago, Jeff Johnson informed Apple of a vulnerability that allows hackers to modify the Safari browser on macOS to steal user data. After a user is tricked into downloading a malicious file, a clone of Safari is created by modifying the original Safari on macOS. From there, the Safari clone is granted access to the system. Hackers will then be able to steal any sensitive files that the original Safari can access.
According to Johnson, this vulnerability stems from the fact that Apple's control systems on Macs do not fully check the authenticity of the file. This allows a clone version of Safari to run on macOS without being blocked.
"We realized that an application containing malicious code could bypass the blocking system to access the ~/Library/Safari directory, which only the original Safari and Finder have access to. Two applications contain malicious code: one is a clone of Safari used to access carefully protected sensitive files, while the other application is responsible for modifying the original Safari to create the Safari clone and launch it.
Any application you download from the web can bypass macOS censorship. In the test, I was able to download users' private data to a server I controlled easily because I could run any JavaScript statement," Johnson said.

More seriously, according to Johnson, Apple has not yet fixed this vulnerability. Johnson still sees it in the just-launched macOS 11 Big Sur beta. Apple seems to have forgotten about the problem, even though Safari has received quite a few upgrades in macOS 11.
Johnson said that Apple initially promised to fix the problem in the spring of 2020. However, when he contacted the company recently, he was told that Apple is still investigating the vulnerability. Hopefully Apple will fix it before macOS 11 Big Sur is officially released.