Safari Security Vulnerability - CSP policy bypassed script on Safari while chrome successfully blocking it.

on our web pages we have allowed certain sources of scripts though content-security-policy meta tag which is working fine as expected on Chrome browser and on Internet Edge.

However there is a script called morosa.top when it inserted in our html page, safari is not able to block it while it was supposed to block.

if this script gets executed it start taking screenshots of screen and post it to hacker.

Please check this could be a potential issue.

[Edited by Moderator]

Up vote post of pravin_iitr Down vote post of pravin_iitr
495 views
Posted by
pravin_iitr
Reply
Add a Comment

Replies

DevForums is primarily focused on helping developers use Apple’s APIs and tools. If you’re goal is to report a potential security vulnerability, you have a couple of options:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment