💻 Check out Blaze Information Security: https://www.blazeinfosec.com/
✉️ Sign up for BBRE Newsletter: https://mailing.bugbountyexplained.com/
📧 Subscribe to BBRE Premium: https://premium.bugbountyexplained.com/
📣 Follow me on Twitter: https://twitter.com/gregxsunday

This video is an explanation of a bug bounty report submitted to the Apple bug bounty program about a chain of four 0-days that resulted in a uXSS (universal cross-site scripting) in the Safari browser. The attack resulted in every single page in Safari being compromised. The reported, Ryan Pickren, got a bug bounty of $100,500 for reporting this bug.

🖥 Get $100 in credits for Digital Ocean: https://m.do.co/c/cc700f81d215

Report:
https://www.ryanpickren.com/safari-uxss
Reporter’s Linkedin:
https://www.linkedin.com/in/pickren/

Timestamps:
00:00 Intro
00:33 Blaze Information Security – the sponsor of the video
01:10 What is a Web Archive format?
01:44 What is a universal cross-site scripting (uXSS)?
02:30 Delivering the file to the victim using ShareBear application and icloud-sharing:// scheme
04:38 Bypassing Gatekeeper
05:52 Predicting the path of downloaded file
06:40 The whole exploit

Add comment

Your email address will not be published.