5 matches found
Mac OS X Safari .webarchive File Format UXSS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Mac OS X Safari .webarchive File Format UXSS', 'Description' = %q Generates a .webarchive file for Mac OS X Safari that will attemp...
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug UXSS Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by...
Mac OS X Safari file:// Redirection Sandbox Escape
Versions of Safari before 8.0.6, 7.1.6, and 6.2.6 are vulnerable to a "state management issue" that allows a browser window to be navigated to a file:// URL. By dropping and loading a malicious .webarchive file, an attacker can read arbitrary files, inject cross-domain Javascript, and silently...
Apple Safari webarchive File Format UXSS
A UXSS stack vulnerability has been reported in the Apple Safari webarchive File Format...
Mac OS X Safari .webarchive File Format UXSS
Generates a .webarchive file for Mac OS X Safari that will attempt to inject cross-domain Javascript UXSS, silently install a browser extension, collect user information, steal the cookie database, and steal arbitrary local files. When opened on the target machine the webarchive file must not hav...