SB2018090621 - Spoofing attack in Apple Safari

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018090621

SB2018090621 - Spoofing attack in Apple Safari

Published: September 6, 2018 Updated: September 6, 2018

Security Bulletin ID SB2018090621
Severity
Critical
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Spoofing attack (CVE-ID: N/A)

The vulnerability allows a remote attacker to conduct spoofing attack.

The weakness exists due to the way macOS processes URI handlers with enabled "Open Safe Files" setting in Safari browser. A remote attacker can create a specially crafted web page, trick the victim into clicking on a spoof dialog box and force unauthorized downloading of malicious file (e.g. ZIP-archive). Once downloaded, the archive will be automatically extracted.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: the vulnerability is being exploited in the wild by the WindShift APT actor against government organizations in the Middle East.



Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References