A security researcher has recently shared details about a bug found in the Safari browser on the iPhone. The researcher, Pawel Wylecial, is a co-founder of the Polish security firm REDTEAM.PL. He said that the bug was reported to the company in April of this year, but the makers decided to delay the patch until the spring of 2021, which forced him to disclose the bug publicly. His blog post explaining the bug was published today.
According to his research, the bug resides in Safari, the phone's browser. Specifically, it is in Safari’s implementation of the Web Share API, a new web standard introduced for sharing text, links, files, and other content. Safari supports sharing files that are stored locally on the user's device. The disadvantage of this feature is that a malicious web page can get the user to share an article with friends by email, and the share might end up leaking a file from their device. However, the issue is not very serious, because not all users can be tricked by the malicious website.
The researcher's main complaint, however, was that Apple was quite indifferent to the whole situation. The company delayed fixing the issue until next year, a delay of more than one year. Although the company has already announced a new dedicated bug bounty program, it is willingly delaying the fix and not listening to security researchers. Many other security researchers came forward after Wylecial disclosed his issue. According to one researcher, Apple’s bug bounty program is literally meant “to keep researchers quiet about bugs for as long as possible.”
Similar incidents involving bug reports have been taking place, but the company seems to be silent on the issue.