An Image was able to compromise Safari (2022 bug bounty)
In this video, we take a look at a universal cross-site scripting (UXSS) attack on Safari on macOS that allows an attacker to gain access to all of your browser permissions and cookies, and to execute arbitrary JavaScript within any website's context. Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in web technologies, including JavaScript, sandboxing, and proper security practices, is crucial.

Original bug report by Ryan Pickren: https://www.ryanpickren.com/safari-uxss

MUSIC CREDITS:
LEMMiNO - Cipher (BGM), CC BY-SA 4.0
LEMMiNO - Firecracker (BGM), CC BY-SA 4.0
LEMMiNO - Nocturnal (BGM), CC BY-SA 4.0
LEMMiNO - Siberian (BGM), CC BY-SA 4.0
LEMMiNO - Encounters (BGM), CC BY-SA 4.0
Music by Vincent Rubinetti
Download the music on Bandcamp: https://vincerubinetti.bandcamp.com
Stream the music on Spotify: https://open.spotify.com/artist/2SRhE...

0:00 - Intro
1:06 - Webarchive files
2:54 - Attack overview
4:15 - URI schemes & deep linking
5:59 - iCloud file sharing & ShareBear
10:06 - url files
11:28 - dmg files
12:40 - Full exploit chain
14:18 - Closing


