Hackers can modify Safari on macOS to steal user data
Last year, Apple expanded its bug-hunting program. In addition to iOS, developers can report to Apple for macOS, watchOS errors . to receive generous rewards.
However, according to researcher Jeff Johnson, Apple did not have a fix fast enough with certain security holes.

Six months ago, Jeff Johnson informed Apple of a vulnerability that allowed hackers to modify the Safari browser on macOS to steal user data. After users are tricked into downloading a malicious file, a version of Safari clone will be created by modifying the original Safari on macOS. From there, the Safari clone will be granted access to the system. Hackers will be able to remove any sensitive files that the original Safari can access.
According to Johnson, this vulnerability stems from the fact that Apple control systems on Macs do not fully check the authenticity of the file. This makes a clone version of Safari run on macOS without being blocked.
"We realized that an application containing malicious code could bypass the blocking system to access the ~ / Library / Safari directory, which only the original Safari and Finder have access to. Two applications contain malicious code, one is a clone of Safari used to access sensitive files carefully protected, while another application is responsible for modifying the original Safari to create. Safari clone and launch it.
Any application you download from the web can bypass macOS censorship. In the test, I was able to download user private data to a server I controlled easily because I could run any JavaScript statement , " Johnson said.

More seriously, according to Johnson, Apple has not yet overcome this vulnerability. Even, Johnson continues to see its appearance on the macOS11 Big Sur beta just launched. Apple seems to be forgetting about this problem, although Safari has received quite a few upgrades with macOS 11.
Johnson shared that Apple initially promised to fix the problem in the spring of 2020. However, recently contacted, Johnson received an answer that Apple is still investigating this vulnerability. Hopefully Apple will fix it before macOS 11 Big Sur is officially released.
You should read it
- Google announced a serious vulnerability in the macOS kernel
- Mac computers stuck with a dangerous security vulnerability, Apple was announced in February but has not yet resolved
- Apple updated the password revealing patch from the Disk Utility function
- Detecting a serious security vulnerability on macOS, this 18-year-old youth refused to disclose it because Apple did not pay the bonus
- 5 folders on macOS you should not touch
- New features on macOS 11 Big Sur
- 6 reasons why Windows 11 is better than macOS
- Everything we need to know about macOS 12
May be interested
- Appearing software to help hack iCloud easierrussian company phone breaker software elcomsoft can help hackers quickly steal data that you store on icloud by allowing hackers to quickly select the files they want to steal instead of having to download all the data that could be lost. many hours.
- Find out the latest features on MacOS Big Sura beta version of apple's latest mac operating system, macos big big sur (also known as macos 11), is now up and running, full of new and redesigned features that will make for a better user experience.
- How to create user profiles on Safaricreating user profiles on safari is a new feature updated for ios 17. user profile creation basically also allows you to create different user profiles for use on safari.
- How to always allow downloading on Safari macOSinstead of confirming each download on safari macos, users can completely allow always downloading files on certain websites or all websites.
- How to fix Safari error can not load websites on Macever encountered the problem of not being able to load pages on safari on a mac? obviously your network connection is extremely stable, but a website can't keep loading on safari. here is how to fix this phenomenon.
- How to experience new features on Safari does not need to upgrade macOS High Sierra Betathe safari browser has a huge change on the macos high sierra version. however, you do not need to upgrade to macos high sierra beta and still be able to experience those new features on safari.
- Can your data be stolen when using public Wifi?in technology terms, man-in-the-middle (mitm) is an attack that is intercepted by a third party (hackers) during communication between the server and the user. instead of the data being shared directly between the server and the user, the links will be broken by another factor. then hackers will change the content or add some malware to send to you.
- How to recover deleted files on macOSthe trash area on macos is the place to store deleted files from the folder on the computer. and if the user needs to retrieve the file, he can search here.
- How to fix 5 Safari bugs on iPhonesafari is the most popular and used browser on the iphone. however, when you encounter a problem, safari is also frustrating for users especially when you can't access the network and try to fix it. here are 5 common reasons why safari doesn't work and how to fix it.
- macOS Big Sur launches: Completely new interface, faster Safari, ARM supportmacos big sur is a major update for macs.