Thursday, November 26, 08:58

The camera on iOS / macOS can be hacked with a single click


As discovered by a security researcher, a malicious actor can hack the camera of an iOS or macOS device with a single click on a link, taking advantage of zero-day vulnerabilities in Safari.

iOS and macOS security requires each application that wants access to the camera to be granted permission manually. However, Apple's own apps, such as Safari, have access by default.

Security researcher Ryan Pickren discovered seven new vulnerabilities in the Safari browser that allow an intruder to access the camera, microphone or location of a device, and in some cases gave access to stored passwords.

Exploitation of camera access errors

The security researcher began exploiting bugs using JavaScript data parameters and was initially unsuccessful when he tried to parse through the file path used for remote or FTP access (file://host.example.com/Share/path/to/file.txt); Safari identified it as a normal URL.

"The page accepted this URL and reloaded the same content, which means I was able to change the document.domain using this simple trick."

So now the Safari browser believes that the connected site is skype.com. Once the local file is opened, attackers can execute a malicious script and gain access to the camera, microphone and screen sharing.

He also discovered another error (CVE-2020-9784 & CVE-2020-3887) which bypasses the automatic download prevention in the Safari browser.

Using the URI blob://skype.com, a popup can be activated and used to run arbitrary JavaScript.

Using all of these vulnerabilities, an attacker can gain access to the camera, microphone, or location of an iOS / macOS device, and in some cases, stored passwords.
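The URL confusion described above comes down to how a per-site permission is looked up. The following added example is not from the original article and is not Safari's code. It assumes a hypothetical permission table keyed by site and contrasts a hostname-only lookup (an assumed model of the flaw) with a check on the full origin, using constructed sample URLs in the file:// and blob:// shapes the article mentions:

```javascript
// Added illustration; not Safari's code. GRANTS is a constructed permission table.
const GRANTS = new Map([["https://skype.com", new Set(["camera", "microphone"])]]);

// Weak lookup (assumed flaw model): compares the hostname only, so the scheme
// and port of the requesting URL never enter the decision.
function weakIsAllowed(urlString, capability) {
  const host = new URL(urlString).hostname;
  for (const [origin, caps] of GRANTS) {
    if (new URL(origin).hostname === host && caps.has(capability)) return true;
  }
  return false;
}

// Hardened lookup: https only, and the full origin (scheme, host, port) must
// match a stored grant exactly. Opaque origins ("null") never match.
function strictIsAllowed(urlString, capability) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false; // unparseable input gets no access
  }
  if (url.protocol !== "https:" || url.origin === "null") return false;
  const caps = GRANTS.get(url.origin);
  return caps !== undefined && caps.has(capability);
}

// Constructed sample URLs using the URL shapes mentioned in the article.
const SAMPLES = [
  "https://skype.com/call",
  "http://skype.com/call",
  "https://skype.com:8443/call",
  "file://skype.com/Share/path/to/file.html",
  "blob://skype.com",
];

// Evaluate both lookups over every sample for one capability.
function compare(capability) {
  return SAMPLES.map((u) => ({
    url: u,
    weak: weakIsAllowed(u, capability),
    strict: strictIsAllowed(u, capability),
  }));
}

console.table(compare("camera"));
```

The hostname-only lookup grants the camera to all five URLs, while the origin check grants it only to the https:// page that actually holds the permission.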


Absent Mia
