HomesecurityThe camera on iOS / macOS can be hacked with a single ...

The camera on iOS / macOS can be hacked with a single click

camera

As discovered by a security researcher, a malicious agent can hack the camera of a iOS or macOS with a single click on a link, taking advantage of vulnerabilities zero-day on Safari.

IOS and macOS security require each application who wants to have access to the camera, to get permission only manually. However, Apple's apps, such as Safari, have access by default.

Security researcher Ryan Pickren He discovered seven new vulnerabilities in Safari browser that allow an intruder to access camera, microphone or location a device, and in some cases had access to stored passwords.

Exploitation of camera access errors

The security researcher began exploiting bugs using JavaScript data parameters and was initially unsuccessful when he tried to parse through the file path used for remote or FTP access (file: //host.example.com/Share/path/to/file.txt), Safari has identified it as a normal URL.

"The page accepted this URL and reloaded the same content, which means I was able to change the document.domain using this simple trick."

So now the Safari browser believes that the connected site is skype9.0com. By opening the local file, attackers can execute a malicious script and gain access to the camera, microphone and screen sharing.

He also discovered another error (CVE-2020-9784 & CVE-2020-3887) which bypasses the automatic download prevention in the Safari browser.

Using the URI blob: //skype.com a popup can be activated and used to run arbitrarily JavaScript.

Using all of these vulnerabilities, one can gain access to a camera, microphone, or iOS / macOS location, and in some cases, stored passwords.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement
spot_img

LIVE NEWS