You know how Apple users are always talking about the supposedly better security that the ecosystem offers? Whether that is a factual statement or not, Apple’s reputation for security has been arguably well-earned over the years. However, a security researcher has now shared his discovery of a vulnerability on the Safari browser that allows attackers to take control of your Apple device’s camera.
According to Ryan Pickren, the issue affects Desktop Safari for Mac computers, as well as Mobile Safari on iPhones and iPads. All that’s needed is for victims to click a malicious link to give attackers access to front and rear cameras (or just the front on a Mac), microphones, screensharing, and potentially other private information like plaintext passwords.
Basically, the hack works by duping the Safari browser into believing that a malicious website is a trusted one. Normally, the camera apps on iOS and macOS require specific permissions—the ones you usually see in pop-up alerts when using an app for the first time. However, Pickren discovered vulnerabilities in Safari that allows some of Apple’s apps to access the camera without any permission prompts.
“My research uncovered seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), three of which were used in the kill chain to access the camera.”
What’s even more worrying is that “new web technologies” also mean that certain websites can access your camera—all you need to do is to click on, say, a banner ad.
“If the user chooses a suitable browser which they know can trust, then all WebRTC communication can be considered ‘secure’ […] In other words, the level of trust provided to the user by WebRTC is directly influenced by the user’s trust in the browser.”
When dealing with site permissions, users often save their preferences in the Safari browser. These permissions often cover microphone and camera access (among others), and attackers take advantage of this by creating websites that appears to Safari as a “trusted website”. This then grants the site the same permissions that you might have earlier granted to a video conferencing app like Skype or Zoom.
Attackers could theoretically use websites, ad banners, or even browser extensions to take advantage of the vulnerability, and the issue is basically how Safari handles URLs and recognises “secure” sources. Essentially, the attack works by disguising a malicious site as a trusted source. Here’s how it works, in technical terms:
Pickren reported the bug to Apple’s Security Bounty Program, and received USD75,000 (~RM319,050) for his efforts. Wired reports that the vulnerabilities have already been patched in the latest January and March updates, so be sure to keep your Safari and iOS/macOS versions updated. As always, you should always only click links from sources that you trust, and always be aware of the permissions that you are granting—especially if you’re visiting new, unknown websites.
Australia is proposing to implement a law that will ban children under the age of…
Setel, the petrol and EV charging payment app from Petronas, will soon introduce a 1%…
This post is brought to you by Samsung. In today’s fast-paced world, finding time for…
This post is brought to you by Shopee. If you’re looking for an electronics marketplace…
BYD Sealion 7 will be launched in Malaysia on 14 November, according to Sime Darby…
Aside from the MG ZS EV, SAIC Motor Malaysia has also announced rebates for selected…
This website uses cookies.