back to article Here's a neat exploit to trick someone into inadvertently emailing their files to you from their Mac, iPhone via Safari

Pawel Wylecial, a security consultant with Redteam.pl, has published a proof-of-concept exploit for stealing files from iOS and macOS devices via web application code that utilizes the Web Share API. The security flaw, which isn't too scary as it requires some user interaction, has not yet been repaired, though a patch is …

  1. Pascal Monett Silver badge

    "The bug isn't too serious [..] because user interaction is required"

    User interaction, as in clicking clicking OK on a popup ?

    It's serious.

    1. RM Myers Silver badge
      Unhappy

      Re: "The bug isn't too serious [..] because user interaction is required"

      This isn't a security flaw - you're just clicking it wrong.

      I do miss St. Steven (RIP). If he were still around, I'll bet he would tell us iphone sheeple users how to hold the phone so the Apple software would work, like having the recent call list actually include the recent calls without having to reboot the phone, or the automatic updates actually, you know, update IOS without manual intervention. Sadly, it is not to be.

  2. 759b954e-617b-408b-a2b1-f5a42c3688d4

    Friends don't let friends use Safari.

    1. Thomas PinkOne

      Friends don't let friends use Safari.

      They point them in the direction of a safe, secure, privacy respecting browser like ....

      ...

      ...

      erm

      ...

      ...

      Lynx!

  3. Louis Schreurs Bronze badge

    I am sad that my fashion IT equipment is also not safe.

    Bah.

    1. D@v3
      Joke

      Yeah, i guess everyone should be using something less fashionable and safer, like Android.

      That's safe, right?

  4. Dom De Vitto

    Lots of more sensitive files than /etc/password !

    ... /mobile/Library/SMS/sms.db - SMS and iMessage database :-(

    ....

    ....

    .... :-(

  5. mego

    I'm not sure of the utility risk

    There's some risk, sure, if you know a file to grab. But... any modern MacOS version a random file (even passwd) won't give you much

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020