Security News > 2020 > August > Unpatched Safari Vulnerability Allows Theft of Local Files
A researcher has disclosed the details of an unpatched vulnerability in Apple's Safari web browser that can be exploited to steal files from a targeted user's system.
The vulnerability is related to the Web Share API, which allows users to share links from Safari through third-party apps.
"The problem is that file: scheme is allowed and when a website points to such URL unexpected behavior occurs. In case such a link is passed to the navigator.share function an actual file from the user file system is included in the shared message which leads to local file disclosure when a user is sharing it unknowingly," Wylecial explained in a blog post.
Wylecial showed how the attacker can steal the local passwd file or a file storing the user's browsing history.
Wylecial says he has tested the attack on devices running iOS 13.4.1 and 13.6, macOS Mojave 10.14.16 with Safari 13.1, and on macOS Catalina 10.15.5 with Safari 13.1.1.