Safari Bug Revealed After Apple Takes Nearly a Year to Patch
A Polish security researcher discovered a vulnerability in the Apple Safari web browser's implementation of the cross-browser sharing API. Exploiting the vulnerability could let attackers gain access to personal information and steal user files. Although the researcher who found the bug rated it as less serious, it was disclosed after Apple stated it would delay patching the flaw for nearly a year.
The researcher who found the bug, Pawel Wylecial, outlined his discoveries in a post on his personal page on Monday. Wylecial attributed the bug to issues within Safari’s implementation of the Web Share API, which is relatively new. This API allows users to share links from the browser through third-party applications.