Apple, No Longer Hack-Free? Hackers Can Now See and Hear Through iOS and macOS
Apple has been able to build a reputation for their security method but over the recent years, apple has had a few missteps. A security researcher recently shared new discoveries about the dangers of certain vulnerabilities that have already allowed attackers to use three Safari bugs to get into the victims webcam and microphone on both iOS and macOS.
Apple has already patched up these certain vulnerabilities in both January and March updates but before the fix, a simple malicious link would grant the attacker access to spy on the victim. According to Ryan Pickren who is a security researcher, "Safari encourages users to save their preferences for site permissions, like whether to trust Skype with microphone and camera access."
How did these bugs cause damage?
Pickren found certain bugs that stem from some minor oversights just like how Safari's list of permission which a user has granted treats every single URL variation as part of the same site! It goes like this, if a website's name is "https://example.com" other variations just like "fake://example.com" would still be considered as one!
Pickren said that the hackers are able to "wiggle around" and craft URLS which could work as embedded scripts in the malicious site that could act like a bait-and-switch that would then trick Safari. "I just kind of hammered the browser with really weird cases until Safari got confused and gave an origin that didn't make sense."
A recent hack incident
There was an incident where a hacker was able to trick the victim into clicking a certain malicious link which then launched into the victim's webcam and microphones as well capturing videos, taking photos, and also recording audios. The attack would possibly work on other devices just like iPhones, iPads, and also Macs alike.
The flaws are not found in Apple's microphone or webcam protection themselves or even in how Safari's defense functions against malicious sites from accessing the sensor. The attackers were just really able to break certain barriers by creating a general convincing discuise.
Pickren then submitted a series of seven possible vulnerabilities in Apple's bug bounty program back in mid-December and he has also stated that he was able to get response that the company had finally validated said bugs the following day. Although hackers would only make use of three of the bbugs in order to control the webcam as envisioned by Pickren, he has still found another flaw which he submitted as well.
The last vulnerability
According to Pickren, the very reason that he has been able to encounter these extra bugs was because he was looking for a chain that would work well on both the iOS as well as macOS since Safari is designed a little different for each.
Apple has grown its bug bounty program last December in order to accept certain vulnerabilities for the betterment of its products making a healthier relationship with users and outside security researchers.
Apple iPhone 13 Camera Setup Leak for 2021!
Although the iPhone 12 has not yet reached the market, the iPhone 13's possible camera setup has already been leaked!
How to Use Apple Schoolwork 2.0 for Easier Online Classes
The update Apple Schoolwork 2.0 aims to provide the classroom experience to students who are struggling at home. Here's how to use it.
Rumor: Apple iPhone 12 Could Actually Be Portless
Rumors circulate online saying that the upcoming Apple iPhone 12 could actually be built without ports!
Hackers Now Use Bluetooth to Penetrate Secured Device
Hackers are now capable of accessing your secured device through Bluetooth!
[Scoop] Apple Users Alarmed Over iOS 13.5 Public Beta with Contact Tracing Update Amid Privacy Issues
The Apple iOS 13.5 public beta will prioritize helping the fight against coronavirus but may compromise on convenience.
MORE IN ITECHPOST
New Feature Alert: YouTube's New "Chapters" Allows You to Mark Specific Content in Videos
YouTube's new feature allows users to mark specific content in videos. Save time and get straight to the point!
Benefits of LED Grow Lights for Your Indoor Plants
There has been a surge in the number of growers cultivating indoor crops. Some turn to indoor farming in areas like cities, where there are almost no green spaces. Growing indoors takes advantage of otherwise wasted space and makes it possible for anyone to create an indoor garden.
Darkest Dungeon Is Celebrating Its New DLC With A Free Weekend: Here Are Some Tips To Help You Out!
Red Hook Studio's Darkest Dungeon has had a new DLC released on Steam and with it a free weekend. Grab the PvP game and try it out after reading these tips on how you can play the game the best you can.
[Spoiler Alert] Jurassic World 3: Will the Original Cast Be Back?
Jurassic World III is on its way and if you're wondering if you're expecting everything to be the same, you might be surprised. A source stated that the former cast of the Jurassic Park movie trilogy would be reprising their roles in Jurassic World: Dominion.