Monday, July 13, 17:43 p.m.
Home security The camera on iOS / macOS can be hacked with a single ...

The camera on iOS / macOS can be hacked with a single click

camera

As discovered by a security researcher, a malicious agent can hack the camera of a iOS or macOS with a single click on a link, taking advantage of vulnerabilities zero-day at Safari.

IOS and macOS security require each application who wants to have access to the camera, to get permission only manually. However, Apple's apps, such as Safari, have access by default.

Security researcher Ryan Pickren He discovered seven new vulnerabilities in Safari browser that allow an intruder to access camera, microphone or location a device, and in some cases had access to stored passwords.

Exploitation of camera access errors

The security researcher began exploiting bugs using JavaScript data parameters and was initially unsuccessful when he tried to parse through the file path used for remote or FTP access (file: //host.example.com/Share/path/to/file.txt), Safari has identified it as a normal URL.

"The page accepted this URL and reloaded the same content, which means I managed to change the document.domain using this simple trick."

So now the Safari browser believes that the connected site is skype9.0com. By opening the local file, attackers can execute a malicious script and gain access to the camera, microphone and screen sharing.

He also discovered another error (CVE-2020-9784 & CVE-2020-3887) which bypasses automatic download prevention in the Safari browser.

Using the URI blob: //skype.com a popup can be activated and used to run arbitrarily JavaScript.

Using all of these vulnerabilities, one can gain access to a camera, microphone, or iOS / macOS location, and in some cases, stored passwords.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

MIT: They make a robot handle that will be able to distinguish cables!

MIT researchers have developed a robot handle with the ability to handle very thin objects such as ropes and cables, according to a statement.

Fedora 33: Will contain Nano as the default text editor

Have you ever thought, who is your favorite text editor, when we talk about operating systems based on ...

Hacker was selling databases of the Ukrainian government

A Ukrainian hacker has been arrested for selling confidential information collected from Ukrainian government databases. According to a ...
00:02:11

TikTok downloaded 49 million videos that violated the terms of use

TikTok downloaded more than 49 million videos from users around the world in the second half of 2019, according to ...

United Kingdom: Is Huawei's immediate foreclosure "dangerous"?

Philip Jansen, CEO of the British telecommunications company "BT", stated that any government move demands the immediate exclusion of the Huawei kit from ...

Dark Mode comes in Google Docs, Sheets and Slides for Android

Do you spend a lot of time using Google Docs, Sheets or Slides on your Android phone or tablet? We have good news for you ...

Hackers seek to exploit vulnerabilities in Citrix ADC

Last week, Citrix released fixes for a total of 11 vulnerabilities in some of its most popular products, in which ...

Data from 45 million travelers are on the dark web

Security researchers from Cyble discovered in the web web files of 45 million travelers from various countries with ...

Twitter: Users promote fake death news for celebrities!

Twitter users have used the platform of the popular media network to spread and promote false news of death for ...

Security experts in Australia: Rely on local technologies

Cyber ​​experts have urged Australia to be less dependent on foreign companies, technologies and know-how for ...