Improper Input Validation in Apple Safari - #VU46006
Published: August 25, 2020
Vulnerability identifier: #VU46006
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple Safari
Apple Safari
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in the Web Share API. A remote attacker can trick a victim to share a message and gain unauthorized access to sensitive information on the system, such as local files.
Note: This vulnerability affects iOS (13.4.1, 13.6), macOS Mojave 10.14.16 with Safari 13.1 (14609.1.20.111.8) and on macOS Catalina 10.15.5 with Safari 13.1.1 (15609.2.9.1.2).
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.