Metasploit software developer Joe Vennix has detailed a vulnerability in Safari’s webarchive file format along with how it can be exploited. The post on Rapid7 says that after being reported to Apple back in February, the bug was closed last month with a status of “wontfix”, indicating that Apple has no plans to address the bug. So what is it and why is that?
The bug found in Safari’s security model is a lack of restriction on what data can be accessed by files in a web archive. Normally a page like apple.com would be restricted to reading cookies that belonged to only the apple.com domain. It could not read cookies from another domain, such as gmail.com. This is critical because if all of your cookies were readable by any website, it would be trivial for a malicious site to send your cookies back to an attacker, who could then log in to your accounts on any number of websites. In the case of Safari’s web archives, it’s possible for a malicious web archive to not only access content stored by another site, but potentially any file on the victim’s computer.
With such a serious sounding vulnerability, you might be wondering why Apple wouldn’t want to fix it. The answer seems to be that an exploit like this cannot be accomplished without user action. You couldn’t actually be affected by this unless you were to download and open a malicious .webarchive file. Users can avoid being attacked by employing the age old advice of not opening strange files from the Internet (or anywhere else for that matter). That said, some people still do and surely will continue to do so. Given the potential impact of a vulnerability like this on users, it certainly seems like something Apple would want to fix at some point.
If you’re interesting in understanding more about how this bug works or can be exploited, Joe’s blog post covers several real world examples of how it could be used.
We may earn a commission for purchases using our links. Learn more.
Foxconn maintains that it will have a factory in Wisconsin eventually
Despite how it might look, Foxconn still thinks that it will one day have a factory up and running in Wisconsin.
Apple shareholders urged to vote for proposal on freedom of expression
Non-profit advocacy group SumOfUs has urged Apple's shareholders to vote in favor of a proposal that would force its Board of Directors to report annually regarding the company's policies regarding freedom of expression and access to information.
Apple shared the infamous '1984' Superbowl ad 36 years ago today
It was the day that a computer became a household name.
Get yourself a new wireless charger for your iPhone XS or iPhone SX Max
Want to try out or love the idea of Qi-charging? These are our favorite wireless chargers for iPhone!