UC Browser on iOS: remote theft of internal private files (such as cookies), or UXSS
Tested on the latest iOS 7.x version (iOS 8 is not considered for the time being), without jailbreak.
UC Browser accepts files that users hand to it through the "Open with" function of other iOS apps. When the file is a web page file like the following, the attack works.
The following uses uc.db as an example. Of course, an attacker can steal other private files with fixed paths (such as the user's own private files).
Remote theft: when the user installs or QQ, the fileatk_iosuc.html is sent to the target user, who is told to open it. Naturally, UC Browser has a high probability of being selected, and the attack succeeds.
When the user installs or QQ, the fileatk_iosuc.html is sent to the target user, who is told to open it. The following prompt is displayed:
Naturally, the user will open it with another app. UC Browser has a high probability of being selected, and then the attack succeeds.
Remotely steal uc.db
UXSS against Baidu Network Disk (if you are logged in, you can read the content)
Then replace the above code with var aim = 'http://yun.baidu.com/'.
Solution:
Fix file:// handling (for example, disable JS execution).
In addition, UC Browser+ and UC Browser HD do not seem to have this problem.
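One way to apply the fix named under "Solution" when an app displays a file received through "Open with". This is an added example, not code from the original report or from UC Browser. It assumes a WKWebView-based viewer on iOS 14 or later, and the names InboundFileViewer and show(_:) are hypothetical.

```swift
import UIKit
import WebKit

// Added example. Assumptions: WKWebView on iOS 14+; InboundFileViewer and
// show(_:) are hypothetical names, not part of any UC Browser code.
final class InboundFileViewer: UIViewController {
    private var webView: WKWebView!

    // Passive types rendered as-is; everything else (html, svg, ...) is
    // shown as inert text so the web view never parses it as a page.
    private static let passiveExtensions: Set<String> = ["txt", "pdf", "png", "jpg", "jpeg", "gif"]

    override func viewDidLoad() {
        super.viewDidLoad()
        let config = WKWebViewConfiguration()
        // The fix named in the report: no JS execution for local content.
        config.defaultWebpagePreferences.allowsContentJavaScript = false
        webView = WKWebView(frame: view.bounds, configuration: config)
        webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        view.addSubview(webView)
    }

    /// Call with the URL received in application(_:open:options:).
    func show(_ inbound: URL) throws {
        guard inbound.isFileURL else {
            throw CocoaError(.fileReadUnsupportedScheme)
        }
        loadViewIfNeeded() // make sure viewDidLoad has built the web view
        let fm = FileManager.default
        // Copy the document out of the app container's Inbox into an empty
        // directory of its own, so nothing private sits next to it.
        let jail = fm.temporaryDirectory
            .appendingPathComponent(UUID().uuidString, isDirectory: true)
        try fm.createDirectory(at: jail, withIntermediateDirectories: false)

        let ext = inbound.pathExtension.lowercased()
        let name = Self.passiveExtensions.contains(ext) ? "document.\(ext)" : "document.txt"
        let local = jail.appendingPathComponent(name)
        try fm.copyItem(at: inbound, to: local)

        // Read access is granted to that directory only, not to the app
        // container where databases and cookie stores live.
        webView.loadFileURL(local, allowingReadAccessTo: jail)
    }
}
```

The three controls are independent: script is disabled, active file types are rendered as plain text, and the file:// read scope is limited to a directory that contains only the received document.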