A new security breach found in iOS 13 and macOS Catalina can lead anyone to get the user’s navigation history in Safari. Due to an unexpected behavior, Safari Web Share API is able to access internal system files such as the browsing history database, which can be easily shared through other apps.

As explained by the specialized cybersecurity blog Redteam.Pl, hackers can implement a modified button with the Safari Web Share API to request internal operating system files that are not accessible by the user.

If you’re not familiar with the Web Share API, it enables apps and websites to offer what is called a “Share Sheet,” allowing users to easily share web content with others through apps like Mail, Messages, and more. When you tap a Share button, it shares a defined URL or file.

Redteam.Pl found that, for some unknown reason, anyone can easily add the Safari Web Share API to a webpage with code to request internal files with sensitive information by using “file:” scheme.

They pointed the Share button to the system’s History.db file, which contains the user’s entire browsing history in Safari. In a normal condition, this file should be inaccessible to users, but the Web Share API can read it and send it through other apps. Once this file is sent to another person, it can be opened by any app that manages SQLite databases.

The result is something like what you can see in the tweet below:

However, while this security breach can easily be explored by someone with basic knowledge of HTML code, it requires tricking the user since the gathered file is not automatically sent to other people. With just a simple code, the attached file is shown far below the regular Mail compose view, so most users wouldn’t notice that they’re sending their browsing history to someone else.

The most difficult part, of course, is convincing the user to send an email or message with that file to a specific address.

Redteam.Pl researchers contacted Apple in April this year to report the security breach, and the company confirmed that it is investigating the issue without further details. 9to5Mac was able to reproduce the code and we can confirm that it works as described.

However, we haven’t been able to reproduce it on any device running iOS 14 or macOS Big Sur, which suggests that Apple has already fixed this breach with its latest beta releases. Apple has yet to confirm whether the issue will be fixed for users running older versions of iOS and macOS, as iOS 14 and macOS Big Sur are only expected to be available to the public this fall.

You can read more in-depth details about it on Redteam.Pl’s website.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.