There is a vulnerability in Apple’s web browser, Safari, that makes the browser download resources from websites without asking a user’s permission. This includes malicious iframes and scripts such as downloading a file as many times as what the script intended to do.

“Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. We want to set your expectations that this could take quite a while, if it ever gets incorporated,” said someone from Apple’s security team.

The researcher for this vulnerability is Nitesh Dhanjani. He also said that he discovered a seperate, high-risk vulnerability and Apple promised to fix it.

Source: The Register