Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Vulnerability

Safari reader download permission bypass

Vulnerability Description

A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode.

CVE-ID

CVE-2020-9912

Vendor

Apple

Product

  • Safari for macOS before 13.1.2

Disclosure Timeline

  1. 19 April 2020: reported to the vendor
  2. 15 July 2020: fix released by the vendor

Credits

Nikhil Mittal