Sign in / up

back to article Here's a neat exploit to trick someone into inadvertently emailing their files to you from their Mac, iPhone via Safari

Pawel Wylecial, a security consultant with Redteam.pl, has published a proof-of-concept exploit for stealing files from iOS and macOS devices via web application code that utilizes the Web Share API. The security flaw, which isn't too scary as it requires some user interaction, has not yet been repaired, though a patch is …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Pascal Monett Silver badge

    "The bug isn't too serious [..] because user interaction is required"

    User interaction, as in clicking clicking OK on a popup ?

    It's serious.

    6 1 Reply
    1. RM Myers
      Reply Icon
      Unhappy

      Re: "The bug isn't too serious [..] because user interaction is required"

      This isn't a security flaw - you're just clicking it wrong.

      I do miss St. Steven (RIP). If he were still around, I'll bet he would tell us iphone sheeple users how to hold the phone so the Apple software would work, like having the recent call list actually include the recent calls without having to reboot the phone, or the automatic updates actually, you know, update IOS without manual intervention. Sadly, it is not to be.

      3 3 Reply
  2. Anonymous Coward
    Anonymous Coward

    Friends don't let friends use Safari.

    4 3 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Friends don't let friends use Safari.

      They point them in the direction of a safe, secure, privacy respecting browser like ....

      ...

      ...

      erm

      ...

      ...

      Lynx!

      6 0 Reply
  3. Anonymous Coward
    Anonymous Coward

    I am sad that my fashion IT equipment is also not safe.

    Bah.

    2 1 Reply
    1. D@v3
      Reply Icon
      Joke

      Yeah, i guess everyone should be using something less fashionable and safer, like Android.

      That's safe, right?

      4 0 Reply
  4. Dom De Vitto

    Lots of more sensitive files than /etc/password !

    ... /mobile/Library/SMS/sms.db - SMS and iMessage database :-(

    ....

    ....

    .... :-(

    1 0 Reply
  5. mego

    I'm not sure of the utility risk

    There's some risk, sure, if you know a file to grab. But... any modern MacOS version a random file (even passwd) won't give you much

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like