-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Safari Browser | Breaking Cybersecurity News | The Hacker News

Category — Safari Browser
Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

6月 29, 2026 Artificial Intelligence / Vulnerability
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below - CVE-2026-43707 - A memory corruption issue that could result in an unexpected process crash when processing maliciously crafted web content. It was addressed with improved memory handling. CVE-2026-43716 - An unspecified issue that could result in an unexpected Safari crash when processing maliciously crafted web content. It was addressed with improved memory handling. CVE-2026-43745 - An out-of-bounds write issue that could result in an unexpected Safari crash when processing maliciously crafted web content. It was addressed with improved input validation. CVE-2026-43715 - A use-after-free issue that could result in memory corruption when processing m...
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

8月 29, 2024 Browser Security / Vulnerability
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement Lecigne said in a report shared with The Hacker News. The activity, observed between November 2023 and July 2024, is notable for delivering the exploits by means of a watering hole attack on Mongolian government websites, cabinet.gov[.]mn and mfa.gov[.]mn. A watering hole attack, also called a strategic website compromise attack, is a form of cyber attack that targets groups of users or those within a particular industry by compromising websites that they commonly visit in order to serve them with malware and gain access to their systems. The intrusion set has been attributed wi...
Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam

Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam

1月 31, 2022
Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. By exploiting a chain of security issues with iCloud Sharing and Safari 15, it enables the attacker to hijack the multimedia permission and gain "full access to every website ever visited by the victim" in Safari, including Gmail, iCloud, Facebook, and PayPal accounts. The  issues  specifically concern ShareBear, an iCloud file-sharing mechanism that prompts users upon attempting to open a shared document for the first time. Taking advantage of the fact that users are never displayed the prompt again once they accept to open the file, Pickren found that it's possible to alter the file's content to...
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Now available on-demand.
New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

1月 16, 2022
A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed  IndexedDB Leaks , was disclosed by fraud protection software company FingerprintJS, which  reported the issue  to the iPhone maker on November 28, 2021. IndexedDB is a low-level JavaScript application programming interface (API) provided by web browsers for managing a  NoSQL database  of structured data objects such as files and blobs. "Like most web storage solutions, IndexedDB follows a same-origin policy," Mozilla  notes in its documentation  of the API. "So while you can access stored data within a domain, you cannot access data across different domains." Same-origin is a  fundamental security mechanism  that ensures that resources retrieved from distinct  origins  — i.e., a  combina...
Expert Insights Articles Videos
Cybersecurity Resources