Last year, Apple expanded its security bounty program to include macOS after several years of offering the same for iPhone developers. But according to at least one researcher, the company isn’t acting quick enough on some exploits. Developer Jeff Johnson informed Apple about an exploit that allowed an attacker to steal private data with a malicious clone of Safari over six months ago. Once a user is tricked into downloading the malicious file, the Safari clone is given undue access by macOS. Any restricted file available to Safari then becomes available to the attacker. Johnson explains that the exploit works…
This story continues at The Next Web
Or just read more coverage about: Security
from The Next Web https://ift.tt/38eaXH7
Comments
Post a Comment