REDTEAM.PL researcher Pawel Wylecial has decided to go public with his discovery of a bug that resides in Safari for both iOS and macOS. The bug can be found in the Web Share API, which Safari just implemented recently to allow for easier sharing of text, links, and files. This becomes a security issue when attackers set up fake web pages or send out emails that ask a potential victim to share files with people they know. In reality, the bug is being taken advantage of in order to extract files from the targeted device. Wylecial said he was fed up with waiting on Apple to produce some sort of patch for his finding or to even simply acknowledge it. Apple attempted to get Wylecial to wait to publish his findings until Spring of 2021, which would have been nearly a year since he originally reported it to them. Other researchers have complained of the same issue, claiming that Apple has either delayed their acknowledgement or simply tried to tell the researchers that what they discovered was not a bug.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.