$100k Hacking any website in Safari with uXSS – a 0-day chain
✉️ Sign up for BBRE Newsletter: https://mailing.bugbountyexplained.com/
? Subscribe to BBRE Premium: https://premium.bugbountyexplained.com/
? Follow me on Twitter: https://twitter.com/gregxsunday
This video is an explanation of a bug bounty report submitted to the Apple bug bounty program about a chain of four 0-days that resulted in a uXSS (universal cross-site scripting) in the Safari browser. The attack resulted in every single page in Safari being compromised. The reported, Ryan Pickren, got a bug bounty of $100,500 for reporting this bug.
? Get $100 in credits for Digital Ocean: https://m.do.co/c/cc700f81d215
Report:
https://www.ryanpickren.com/safari-uxss
Reporter’s Linkedin:
https://www.linkedin.com/in/pickren/
Timestamps:
00:00 Intro
00:33 Blaze Information Security – the sponsor of the video
01:10 What is a Web Archive format?
01:44 What is a universal cross-site scripting (uXSS)?
02:30 Delivering the file to the victim using ShareBear application and icloud-sharing:// scheme
04:38 Bypassing Gatekeeper
05:52 Predicting the path of downloaded file
06:40 The whole exploit
Add comment