You might consider Safari to be the safest web browser for macOS, but one security researcher has proven it’s not completely bulletproof.
Patrick Wardle has demonstrated how hackers can remotely infect a Mac with malicious software using a Safari vulnerability. Apple’s built-in protections can do nothing to stop it.
As Apple machines have risen in popularity, an increase in attacks has followed. The days when you could use a Mac without the fear of it being infected are long gone. Wardle’s exploit proves that simply browsing the web in Safari lead to serious problems.
Safari exploit leaves users open to attack
In a lengthy explainer, Wardle reveals how an attacker can take advantage of the way in which Safari processes document and URL handlers to inject malware onto a Mac. It starts when a user visits a malicious website.
“Once the target visits our malicious website, we trigger the download of an archive (.zip) file that contains our malicious application,” Wardle explains. “If the Mac user is using Safari, the archive will be automatically unzipped, as Apple thinks it’s wise to automatically open “safe” files.”
Read more at cultofmac.com