Vulnerability
Safari reader download permission bypass
Vulnerability Description
A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode
CVE-ID
CVE-2020-9912
Vendor
Apple
Product
- Safari for macOS before 13.1.2
Disclosure Timeline
- 19 April 2020 reported to the vendor
- 15 July 2020 fixed released by the vendor
Credits
Nikhil Mittal