A new security flaw found in iOS 13 and macOS Catalina can let anyone obtain a user’s browsing history in Safari. Due to unexpected behavior, the Safari Web Share API is able to access internal system files such as the browsing history database, which can then be easily shared through other apps.
As explained by the specialized cybersecurity blog Redteam.Pl, hackers can implement a modified button with the Safari Web Share API to request internal operating system files that are not accessible to the user.
If you’re not familiar with the Web Share API, it enables apps and websites to offer what is called a “Share Sheet,” allowing users to easily share web content with others through apps like Mail, Messages, and more. When you tap a Share button, it shares a defined URL or file.
Redteam.Pl found that, for some unknown reason, anyone can easily add the Safari Web Share API to a webpage with code that requests internal files containing sensitive information by using the “file:” scheme.
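The missing safeguard here is a check on the scheme of the URL being shared. The following is an added example, not code from Redteam.Pl or Apple, of such a check: it resolves the share URL as a browser would and allows only `http:` and `https:`. The function names, the `example.test` page and the sample URLs are constructed for illustration.

```javascript
// Added example: scheme allow-list for a URL handed to a share sheet.
// Names and sample values are hypothetical / constructed.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Weak check, shown for contrast: string matching on the raw input.
function naiveIsFileUrl(rawUrl) {
  return String(rawUrl).startsWith("file:");
}

// Resolve the URL against the page (relative URLs are legal in share data),
// then decide on the parsed, normalized scheme rather than on the raw text.
function checkShareUrl(rawUrl, pageUrl) {
  let resolved;
  try {
    resolved = new URL(String(rawUrl), pageUrl);
  } catch {
    return { allowed: false, scheme: null, reason: "unparseable URL" };
  }
  const scheme = resolved.protocol;
  if (!ALLOWED_SCHEMES.has(scheme)) {
    return { allowed: false, scheme, reason: `scheme ${scheme} is not shareable` };
  }
  return { allowed: true, scheme, reason: "ok" };
}

const PAGE = "https://example.test/news/story"; // constructed page URL
const SAMPLES = [
  "article/1",                              // relative, resolves to https
  "file:///constructed/placeholder.db",     // local file reference
  "  FI\tLE:///constructed/placeholder.db", // same, obfuscated with case and whitespace
  "http://[",                               // malformed host
];

for (const sample of SAMPLES) {
  const verdict = checkShareUrl(sample, PAGE);
  console.log(JSON.stringify(sample), verdict.allowed, verdict.reason,
              "| naive file: match =", naiveIsFileUrl(sample));
}
```

The third sample is why the decision is made on the parsed URL: the URL parser strips the leading spaces and the embedded tab and lowercases the scheme, so a raw prefix match misses a value the browser would still treat as `file:`.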
Redteam.Pl pointed the Share button to the system’s History.db file, which contains the user’s entire browsing history in Safari. Under normal conditions, this file should be inaccessible to users, but the Web Share API can read it and send it through other apps. Once this file is sent to another person, it can be opened by any app that manages SQLite databases.
The result is something like what you can see in the tweet below: