This website requires JavaScript.

Safari Data Leak Uncovered After Patch Delay To 2021

Ryan Anand

| 3 months ago


On Monday, August 24th, Researcher Pawel Wylecial discovered a Safari bug after hearing about the delay till Spring 2021 of the patch.

Pawel Wylecial is the founder of the Polish research group REDTEAM.PL. Back in April 2020, he was the first to find and inform Apple about the patch issue where user information could be leaked. The leaked data could be stolen on both iOS and Mac devices.

Wylecial found the bug in Apple's Web Share API, which is a new way to share links, files and other user information from the browser through third-party applications. Apple's error in this step is that it supported the "file:scheme," which would share files and data from the user's local system.

Although the feature requires users to enable the data leak, some could be unaware that they are sharing their data.

The issue at hand isn't about the implemented feature, but about Apple's approach to resolving the situation.

Apple shared that it is aware of the issue after hearing from Wylecial, but has not followed-up on the concern since then.

Wylecial shared that he told Apple to disclose the concern soon or he will share the information to the public on August 24th, 2020. Apple asked Wylecial to refrain from sharing the details until Apple announces its security update in Spring 2021.

The public hears about the issue now as a result of Wylecial's choice to inform Apple users sooner than later.

allapplenews-product-macOS Catalina

System Covered

macOS Catalina
Release Date:
October 2019


macOS Catalina helps you get the most out of your Mac. With new features like Voice Control and Side Car, you'll have a brand-new Mac experience. Meanwhile, you get a host of upgrades to old features, giving you a refresh of the familiar system. Get the macOS Catalina on your Mac now for maximum performance.

Want products news and updates?

Sign up for our newsletter to stay up to date.

We care about the protection of your data. Read our Privacy Policy.