Categories: News

Apple users, attackers could be using this Safari hack to access your webcam

You know how Apple users are always talking about the supposedly better security that the ecosystem offers? Whether that is a factual statement or not, Apple’s reputation for security has been arguably well-earned over the years. However, a security researcher has now shared his discovery of a vulnerability on the Safari browser that allows attackers to take control of your Apple device’s camera.

According to Ryan Pickren, the issue affects Desktop Safari for Mac computers, as well as Mobile Safari on iPhones and iPads. All that’s needed is for victims to click a malicious link to give attackers access to front and rear cameras (or just the front on a Mac), microphones, screensharing, and potentially other private information like plaintext passwords.

How does this work?

SOURCE

Basically, the hack works by duping the Safari browser into believing that a malicious website is a trusted one. Normally, the camera apps on iOS and macOS require specific permissions—the ones you usually see in pop-up alerts when using an app for the first time. However, Pickren discovered vulnerabilities in Safari that allows some of Apple’s apps to access the camera without any permission prompts.

“My research uncovered seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), three of which were used in the kill chain to access the camera.”

What’s even more worrying is that “new web technologies” also mean that certain websites can access your camera—all you need to do is to click on, say, a banner ad.

“If the user chooses a suitable browser which they know can trust, then all WebRTC communication can be considered ‘secure’ […] In other words, the level of trust provided to the user by WebRTC is directly influenced by the user’s trust in the browser.” 

When dealing with site permissions, users often save their preferences in the Safari browser. These permissions often cover microphone and camera access (among others), and attackers take advantage of this by creating websites that appears to Safari as a “trusted website”. This then grants the site the same permissions that you might have earlier granted to a video conferencing app like Skype or Zoom.

SOURCE

Attackers could theoretically use websites, ad banners, or even browser extensions to take advantage of the vulnerability, and the issue is basically how Safari handles URLs and recognises “secure” sources. Essentially, the attack works by disguising a malicious site as a trusted source. Here’s how it works, in technical terms:

  • Open evil HTTP website
  • HTTP website becomes a data: URI
  • data: URI becomes a blob: URI (with magic blank origin)
  • Manipulate window.history (in 2 parts!)
  • Create an # iframe and document.write to it
  • Dynamically give this iframe the sandbox attribute
  • Attempt an impossible frame navigation using X-Frame-Options
  • From within the iframe, window.open a new popup and document.write to it
  • Profit

Pickren reported the bug to Apple’s Security Bounty Program, and received USD75,000 (~RM319,050) for his efforts. Wired reports that the vulnerabilities have already been patched in the latest January and March updates, so be sure to keep your Safari and iOS/macOS versions updated. As always, you should always only click links from sources that you trust, and always be aware of the permissions that you are granting—especially if you’re visiting new, unknown websites.

[ SOURCE , 2 ]

Recent Posts

Nissan Kicks e-Power now open for booking in Malaysia, priced below RM130,000

Edaran Tan Chong Motor (ETCM) has announced that the Nissan Kicks e-Power is now open…

3 hours ago

TikTok, Content Forum and UiTM empowers students with Digital Literacy to promote a safer digital space

TikTok in partnership with Communications and Multimedia Content Forum of Malaysia (CMCF) have recently organised…

6 hours ago

Tesla owners in Malaysia can finally use the Autopark feature

Tesla owners in Malaysia have reported that their vehicles can now perform the Autopark feature.…

6 hours ago

Asus ROG Phone 9 series launching in Malaysia on 10th December 2024

After unveiling its latest smartphones, the Asus ROG Phone 9 series, to the world, Asus…

6 hours ago

WhatsApp Voice Message Transcripts converts voice into text

WhatsApp has introduced a new Voice Message Transcripts feature which allows users to easily convert…

13 hours ago

Every Transaction Could Make You a Monthly Millionaire – Here’s How with Maybank’s MAE

This post is brought to you by Maybank. Unlock more than just transactions with MAE’s…

24 hours ago

This website uses cookies.