Improper Input Validation in Apple Safari - #VU46006

 

Improper Input Validation in Apple Safari - #VU46006

Published: August 25, 2020


Vulnerability identifier: #VU46006
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
Apple Safari

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the Web Share API. A remote attacker can trick a victim to share a message and gain unauthorized access to sensitive information on the system, such as local files.

Note: This vulnerability affects iOS (13.4.1, 13.6), macOS Mojave 10.14.16 with Safari 13.1 (14609.1.20.111.8) and on macOS Catalina 10.15.5 with Safari 13.1.1 (15609.2.9.1.2).  


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources