Wired: Hacker Found a Way to Take Over Any Apple Webcam

Maddox

Apple has a well-earned reputation for security, but in recent years its Safari browser has had its share of missteps. This week, a security researcher publicly shared new findings about vulnerabilities that would have allowed an attacker to exploit three Safari bugs in succession and take over a target's webcam and microphone on iOS and macOS devices.

Apple patched the vulnerabilities in January and March updates. But before the fixes, all a victim would have needed to do is click one malicious link and an attacker would have been able to spy on them remotely.

"Safari encourages users to save their preferences for site permissions, like whether to trust Skype with microphone and camera access," says Ryan Pickren, the security researcher who disclosed the vulnerabilities to Apple. "So what an attacker could do with this kill chain is make a malicious website that from Safari’s perspective could then turn into 'Skype'. And then the malicious site will have all the permissions that you previously granted to Skype, which means an attacker could just start taking pictures of you or turn on your microphone or even screen-share."

The bugs Pickren found all stem from seemingly minor oversights. For example, he discovered that Safari's list of the permissions a user has granted to websites treated all sorts of URL variations as being part of the same site, like https://www.example.com, http://example.com, and fake://example.com. By "wiggling around," as Pickren puts it, he was able to generate specially crafted URLs that could work with scripts embedded in a malicious site to launch the bait-and-switch that would trick Safari.
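The URL variations named in the quoted article, run through two ways of keying a saved camera permission. This is an added example, not part of the post, the article, or Safari's code; `hostKey`, `originKey`, `isGranted` and the stored grant are hypothetical, and the hostname-only matcher is an assumed simplification of the flaw as the article describes it.

```javascript
// Constructed sample: the user once granted camera access to this page.
const GRANTED_TO = "https://www.example.com/call";

// Weak key (assumed shape of the flaw): hostname only, leading "www." dropped.
// Scheme and port are ignored entirely.
function hostKey(url) {
  return new URL(url).hostname.replace(/^www\./, "");
}

// Strict key: the serialized origin (scheme + host + port). Non-web schemes
// serialize to the opaque origin "null", which must never match a grant.
function originKey(url) {
  const origin = new URL(url).origin;
  return origin === "null" ? null : origin;
}

// A request is allowed only if both keys exist and are identical.
function isGranted(keyFn, grantedUrl, requestUrl) {
  const stored = keyFn(grantedUrl);
  const asked = keyFn(requestUrl);
  return stored !== null && asked !== null && stored === asked;
}

// The URL variations named in the article.
const VARIATIONS = [
  "https://www.example.com",
  "http://example.com",
  "fake://example.com",
];

// Evaluate every variation against the stored grant with both matchers.
function compare() {
  return VARIATIONS.map((url) => ({
    url,
    weak: isGranted(hostKey, GRANTED_TO, url),
    strict: isGranted(originKey, GRANTED_TO, url),
  }));
}

console.table(compare());
```

With the hostname-only key all three variations inherit the grant; keyed on the full origin, only the exact HTTPS origin does.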

 

Demon_skeith

Kind of a bad time for the user to be hit by this, as a lot of people have been buying TVs and webcams due to being stuck at home.
 
