How This Safari Bug Can Expose Files on Your Mac or iPhone
Security researcher Pawel Wylecial publicly disclosed yesterday a Safari vulnerability that could convince users to secretly send any file on their system to a recipient.
Though Wylecial himself says the bug “is not very serious,” in that it still requires a person to manually do something in order to mistakenly send a file from one’s system to another person—including entering a recipient—“it is quite easy to make the shared file invisible to the user. The closest comparison that comes to mind is clickjacking as we try to convince the unsuspecting user to perform some action.”
How it works is pretty simple. Safari’s Web Share API supports the file:// URI scheme. As a result, you can incorporate a link to a file on a user’s computer within the same site button a user would otherwise use to share the content they’re looking at via a third-party app.
So, for example, clicking on this button:
and sharing that image via, say, the macOS Mail app, would create a rather innocent message—“check out this cute kitten!”—that would also include your Mac’s “passwd” file, as the button also includes the variable “file:///etc/passwd” in the site’s source code:
If you were paying attention you’d notice the attachment in your email message and probably question and/or quickly delete, but if you weren’t, well, you would have just sent over a file you didn’t mean to send to a recipient. And I can totally see a website abusing this feature by encouraging users to share content to some kind of catch-all inbox for this information.
Again, you’re probably not likely to be duped if you’re decently tech-savvy, but those who are not could get suckered in, especially since it’s hard to tell what file you’re actually sharing when you use other apps to create the message. As Wylecial writes, the Gmail app, for example, mucks up the file name so much that you wouldn’t even know you were sharing your password file (to continue this example).
Wylecial disclosed this vulnerability to Apple in April of 2020. Apple finally replied in July that they’re investigating the issue, and clarified in August that they’ll be patching this in a security update scheduled for Spring of 2021.
RECOMMENDED NEWS
How to Host 'Watch Together' Viewing Parties on Facebook Messenger
Facebook’s new “Watch Together” feature supports up to eight people in Faceb...
How to Stop Your AirPods Pro From 'Quick Switching' Between Devices
I’m a huge fan of iOS 14, and since I own a pair of AirPods Pro, I’m also lovi...
Free Up Phone Space With WhatsApp's Updated Storage Manager
If your WhatsApp conversations are anything like my Facebook ones, they’re proba...
Should You Upgrade to an AMD Zen 3 Ryzen CPU?
AMD officially announced its brand-new Zen 3 Ryzen CPUs today, and gave graphics-s...
Update Your Barnes & Noble Password Right Now
In a recent email, Barnes & Noble informed its customers of a security breach ...
What's New on HBO Max in November 2020
You really have to feel for HBO. For decades, the network has prided itself on bei...
Comments on "How This Safari Bug Can Expose Files on Your Mac or iPhone" :