Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Apple Plugs Gaping Holes in Safari Browser

One month after a group of Chinese researchers exploited a critical WebKit bug to break into — and hijack private data — from a fully patched iPhone, Apple has shipped a Safari update to fix the vulnerability.

One month after a group of Chinese researchers exploited a critical WebKit bug to break into — and hijack private data — from a fully patched iPhone, Apple has shipped a Safari update to fix the vulnerability.

The patch, available for Safari 6.1.1 and Safari 7.0.1, fixes a total of nine security vulnerabilities, the most serious of which allows malicious hackers to launch drive-by downloads using rigged Web sites.

Safari Security Fixes

The new Safari update comes just over a month after Keen Team, a group of Chinese researchers, demonstrated two iPhone exploits via Safari to capture Facebook credentials (iOS version 7.0.3) and hijack photographs (iOS aversion 6.1.4).

Keen Team’s exploits were delivered as part of the Mobile Pwn2Own hacking challenge at the PacSecWest security conference in Japan.

Here’s the explanation from HP, one of the Pwn2Own sponsors:

The first was an application exploit. Via Safari, the team were able to steal a Facebook cookie that was then exfiltrated and used to compromise the targeted Facebook account from another machine. In order for the exploit to work, a user would need to click on a link in an email, an SMS, or a web page, so some social engineering would be required to prompt a user to take an action before their credentials could be compromised.

According to documentation from Apple, the security holes resided in WebKit. The company confirmed that visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

The Safari update also includes a patch for a bug that disclosed user credentials to an unexpected site via autofill.

“Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking,” Apple explained.

Related: Hackers Demo Two iPhone Exploits via Safari at Mobile Pwn2Own

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Expert Insights

Related Content

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.