Safari

Pierluigi Paganini October 26, 2023
iLeakage attack exploits Safari to steal data from Apple devices

Boffins devised a new iLeakage side-channel speculative execution attack exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of researchers from the University of Michigan, Georgia Institute of Technology, and Ruhr University Bochum has devised a transient side-channel speculative execution attack that exploits the Safari web browser to steal sensitive information […]

Pierluigi Paganini August 18, 2022
Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild

Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild. Safari 15.6.1 for macOS Big Sur and Catalina addressed an actively exploited zero-day vulnerability tracked as CVE-2022-32893. The flaw is an out-of-bounds write issue in WebKit and the IT giant fixed it with improved bounds […]

Pierluigi Paganini June 20, 2022
Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild

Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The vulnerability, tracked as CVE-2022-22620, was fixed for the first time in 2013, but in […]

Pierluigi Paganini July 14, 2021
Google: four zero-day flaws have been exploited in the wild

Google security experts revealed that Russia-linked APT group targeted LinkedIn users with Safari zero-day. Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. The four security flaws were discovered earlier this year and affect Google Chrome, Internet Explorer, and WebKit browser […]

Pierluigi Paganini March 09, 2021
Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari

Apple released out-of-band patches to address a remote code execution, tracked as CVE-2021-1844, that affect iOS, macOS, watchOS, and Safari web browser. Apple has released out-of-band security patches to address a critical iOS, macOS, watchOS, and Safari web browser to address a security flaw tracked as CVE-2021-1844. The vulnerability was discovered by Clément Lecigne of […]

Pierluigi Paganini January 09, 2018
Apple released patches to fix Spectre flaws in Safari, macOS, and iOS

Apple released iOS 11.2.2 software, a macOS High Sierra 10.13.2 supplemental update, and Safari 11.0.2 to fix Spectre flaws. On Monday, Apple released patches to fix Spectre flaws in Safari, macOS, and iOS, the tech giant released iOS 11.2.2 software a macOS High Sierra 10.13.2 supplemental update. The patches also fixed vulnerabilities in Apple WebKit, the web […]

Pierluigi Paganini March 17, 2017
Welcome to Pwn2Own 2017 – Researchers hacked Adobe Reader, Edge, Ubuntu, and Safari

Pwn2Own 2017 is started, as usual, it is a great event to see hackers at work. In the first day, experts hacked Edge, Safari, Ubuntu, and Adobe Reader. Pwn2Own 2017 competition held in Vancouver (Canada) is started, as usual, it is a great event to see hackers at work. In the first day Bug bounty hunters […]

Pierluigi Paganini March 21, 2015
Major Browsers hacked at Pwn2Own hacking competition

At the  Pwn2Own hacking competition two researchers hacked the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Safari. Two researchers on Thursday successfully hacked the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, at the Pwn2Own, the annual hacking contest in Vancouver. In particular the Korean researcher […]

Pierluigi Paganini February 28, 2014
Secunia analyzed vulnerabilities in the Top 50 portfolio products

Secunia’s Vulnerability Review 2014 provides an interesting analysis of the number of vulnerabilities in the Top 50 portfolio products. The Secunia Vulnerability Review provides a vision on global vulnerability trends, evaluating carefully the 50 most popular programs on private PCs. These programs are practically everywhere, in many cases, they are key application for ordinary IT […]

Pierluigi Paganini December 15, 2013
Safari browser stores in plaintext previous secure session data

Researchers at Kaspersky Lab discovered Apple Safari browser stores previous secure session data unencrypted in a hidden folder. Apple’s Safari browser stores session information including authentication credentials used in previous HTTPS sessions to implement the feature “Reopen All Windows from Last Session”. Safari stores in a plain text XML file called  Property list, or plist, […]