Security flaw discovered on Safari browser would hack iPhones and Macs
Last week it was published, having been discovered on Apple's browser, Safari, a security flaw deemed critical.
This security flaw would allow a hacker to access the webcam and microphone of your iPhone or iMac. "The flaw in the Webkit rendering engine allows you to obtain permission to access sensitive components without your consent and thus spy on you without your knowledge. David Igue, IT journalist, explained.
This article will also interest you: Hacking the Apple Mac, something that seems so easy for some experts
Apparently the security flaw is an old vulnerability that was discovered by Ryan Pickren, a computer security researcher, during one of a Bounty bug program that recently exposed it with Apple's permission. In simpler terms, the vulnerability would come from a system of requesting permission. Indeed, when users are on a website, and browsing, the site asks for permission to access the microphone or the webcam of the iPhone or Mac, the browser of Apple usually keeps the parameters of the authorization, so that next time, the request does not repeat. Just to make navigation easier. It is exactly this aspect that is causing the basis of our problem. Because by using a malicious script, a hacker can mislead the browser, by making it believe, that the site under its control also has the same rights of access to the webcam and the microphone of the terminals. At least that is how the researcher proceeded. It should then be noted that it is this "confusion in the form of a chain reaction that would make a malicious site similar to Skype (for example), from Safari's point of view," explained researcher Ryan Pickren.
Under some (still vulnerable) terminals, this Safari vulnerability allows the hacker to "discreetly launch webcam infiltration software to record conversations and take photos, or even perform screen sharing." Detail the researcher. It is for this reason that he strongly recommended updating these iPhone or Macs devices as soon as possible. Since January and March, fixes have been proposed to close the security loophole. Apple had been informed for some time, in the course of December 2019 by the researcher when it discovered the vulnerability during the program. He pocketed a $75,000 reward after alerting the American giant to the problem.
Moreover, such a security flaw is truly dangerous in this period of containment, because the use of webcam communication means is really increased with the explosion of Internet traffic. It would be prudent then to make sure that all of its terminals are up to date.
This case further demonstrates that Apple's Bounty bug program has notable advantages. It will be a way for the American giant to make up for the mistakes made towards the end of 2019 in terms of the safety of this device.
Now access an unlimited number of passwords: