6.3.3 Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled

Information

Apple uses the Google Safe Browsing API to check for fraudulent websites and report them to the user attempting to visit one.

Attackers use crafted web pages to social-engineer users into loading unwanted content. Warning users before the content loads gives them a chance to stop, which improves security.

Solution

Profile Method:

Create or edit a configuration profile with the following information:

- The PayloadType string is com.apple.Safari
- The key to include is WarnAboutFraudulentWebsites
- The key must be set to: <true/>

Note: Since the profile method sets a system-wide setting and not a user-level one, the profile method is the preferred method. It is always better to set system-wide than per user.

Impact:

A website that was once compromised and served malware may since have been cleaned up yet still remain in the database, so users could see a warning for a site that is no longer malicious; there is no widespread reporting of that risk.

See Also

https://workbench.cisecurity.org/benchmarks/18635

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|SC-7(3), 800-53|SC-7(4), 800-53|SC-18, CSCv7|7.1, CSCv7|7.4

Plugin: Unix

Control ID: c26c920aafd742d2ec6eb5050ca2feb228c23ea0138dfde456d2d1388b7fd719