Safari is Apple’s default browser that comes bundled with their iOS and macOS devices. It’s a pretty decent browser but unfortunately, it seems that it might not necessarily be the most secure. This is according to a demonstration made at a white-hat hacker security conference in Vancouver, Canada.
According to the demonstration, it seems that two exploits were discovered in Safari. The first exploit made it possible to escape Apple’s built-in sandbox, and while that’s pretty bad on its own, the second was actually more worrying because it allowed the hackers to gain both root and kernel access to the Mac computer, which means that they could in theory take over your computer entirely.
What’s a bit disturbing about this is that this isn’t the first time that hackers have used Safari to gain control of a Mac. Back in 2018, there was another zero-day Safari exploit that allowed hackers to gain control of the Touch Bar on a MacBook laptop. The good news is that Apple is aware of at least one of the exploits, and presumably, they should now be aware of the second.
Hopefully, the company will issue a patch soon that will close these security holes, and the good news is that to date we haven’t heard of anyone being affected by them. The researchers who discovered the exploit, the phoenhex & qwerty team, were awarded $45,000. More details can be found on ZDI’s website.