Safari, the default and proprietary browser of Apple's operating systems, has a security flaw that could be exploited to steal local files. The Polish researcher (part of REDTEAM) who reported the bug to the engineers in Cupertino decided to publicly reveal the details of the bug after being told that a patch would not arrive before spring 2021.
In the cybersecurity industry, things generally work like this:
Generally, researchers impose a maximum deadline of 90 days from point 2 to point 5: this is to ensure that software developers hurry to find a patch, rather than falling back on reasoning such as "no attacker will discover the bug". Finding a bug is difficult; writing malware once the bug is known is much less so. So at present anyone can exploit the security problem discovered by REDTEAM. Fortunately, the team says, the problem isn't too bad, because the attack requires user interaction.
The bug resides in Safari's Web Share API, which allows you to share links, files and other content from a browser through third-party apps. Apparently it is also possible to include local files. A possible scam is this: the user finds a nice picture on a malicious site and clicks on the share button immediately below it. Instead of the image, the button loads important system files with sensitive content. The user still has to choose the recipient and the communication channel, of course, but may not realize that personal files are being shared. It is also easy to imagine a scam in which the user is tricked into sharing content with a certain bogus email address, for example.
More than the bug itself, therefore, what is most striking is the "relaxation" with which Apple has handled the entire report. It is important to point out that the researchers made the first report to Apple as early as mid-April 2020. After three months and multiple requests for updates there was still no news. When the researchers put the developers on the ropes by communicating a public release date for the bug, Apple finally responded by saying … to wait almost another year. At this point we just have to wait for Apple's next move.