Hackers can modify Safari on macOS to steal user data

Apple was notified of this security flaw six months ago but has not yet patched it.

Hackers can modify Safari on macOS to steal user data

Last year, Apple expanded its bug-hunting program. In addition to iOS, developers can report to Apple for macOS, watchOS errors . to receive generous rewards.

However, according to researcher Jeff Johnson, Apple did not have a fix fast enough with certain security holes.

Hackers can modify Safari on macOS to steal user data Picture 1

Apple has been notified of the vulnerability on macOS since 6 months ago

Six months ago, Jeff Johnson informed Apple of a vulnerability that allowed hackers to modify the Safari browser on macOS to steal user data. After users are tricked into downloading a malicious file, a version of Safari clone will be created by modifying the original Safari on macOS. From there, the Safari clone will be granted access to the system. Hackers will be able to remove any sensitive files that the original Safari can access.

According to Johnson, this vulnerability stems from the fact that Apple control systems on Macs do not fully check the authenticity of the file. This makes a clone version of Safari run on macOS without being blocked.

"We realized that an application containing malicious code could bypass the blocking system to access the ~ / Library / Safari directory, which only the original Safari and Finder have access to. Two applications contain malicious code, one is a clone of Safari used to access sensitive files carefully protected, while another application is responsible for modifying the original Safari to create. Safari clone and launch it.

Any application you download from the web can bypass macOS censorship. In the test, I was able to download user private data to a server I controlled easily because I could run any JavaScript statement , " Johnson said.

Hackers can modify Safari on macOS to steal user data Picture 2

But so far Apple defective there is no remedy

More seriously, according to Johnson, Apple has not yet overcome this vulnerability. Even, Johnson continues to see its appearance on the macOS11 Big Sur beta just launched. Apple seems to be forgetting about this problem, although Safari has received quite a few upgrades with macOS 11.

Johnson shared that Apple initially promised to fix the problem in the spring of 2020. However, recently contacted, Johnson received an answer that Apple is still investigating this vulnerability. Hopefully Apple will fix it before macOS 11 Big Sur is officially released.

3 ways to identify a Mac that is infected with a virus

How to turn off self-extracting files on macOS Safari
the safari browser on macos has the ability to automatically extract files, without having to do it manually. however, if you want to turn off auto-extracting files on macos safari, how do you do it?
Safari on Apple's iOS 13 collects and sends user data to Tencent
developers discovered the safari browser on ios 13 (and possibly ios 12.2 or later), sending data to tencent safe browseing in china.
Vulnerability on macOS helps hackers easily overcome security barriers
the interface of macos allows converting key presses into mouse operations. even when a user performs a double-click operation, macos will recognize that as the command to click the ok button.
Hackers can steal data from the Air Gap network computer using Camera IR CCTV
recently, researchers from israel's ben gurion university have described several ways to get sensitive information from computers in this closed network.
Xiaomi acknowledges unauthorized user data access
chinese company xiaomi has just upgraded its operating system after being exposed by security firm f-secure to steal user data.
Reddit is hacked, many member data is stolen
reddit has been attacked by hackers and stolen data including passwords, message content, personal information, etc. of the members between june 14 and june 18.
It turns out this is how hackers attack your computer through the main screen
the video clearly shows how he entered the user's computer through the main screen, creating a vulnerability on the computer to steal personal information. in this way, the hacker can even change the amount of money in the user's bank account.
Google was fined $ 17 million for tracking users on Safari
safari is the apple-branded browser that is commonly used on macs and iphones / ipads. to ensure user privacy, safari blocks all tracking cookies from other websites, including google.
Custom ways on Safari increase the browser experience
safari browser after many updates on macos has many changes. however, some of the default settings of this web browser are not really useful to users.
Appearing software to help hack iCloud easier
russian company phone breaker software elcomsoft can help hackers quickly steal data that you store on icloud by allowing hackers to quickly select the files they want to steal instead of having to download all the data that could be lost. many hours.
Nearly 1 billion user profiles fall into the hands of hackers
according to zdnet, a hacker with the nickname gnintoplayers revealed to the technology news website in february that he wanted to put data of more than 1 billion user profiles on the black market.
Find out the latest features on MacOS Big Sur
a beta version of apple's latest mac operating system, macos big big sur (also known as macos 11), is now up and running, full of new and redesigned features that will make for a better user experience.