safety
6 April 2020 - 11:05The vulnerabilities, corrected with the January and March updates, are to be found in WebKit, the open-source web rendering engine behind Safari
by Davide Urietti
A-A + shadow Print EmailTake control of the webcam and microphone on any device with an iOS or macOS operating system: this is what a hacker could have done if Apple had not corrected several vulnerabilities in Safari with the January and March updates. The discovery, made public recently, was actually known in Cupertino as early as December 2019, when the security researcher Ryan Pickren informed the Californian company: specifically, three different bugs used in succession would have allowed an attacker to access the webcam and the victim's microphone, if the victim clicked on a malicious link. "Safari encourages users to save their preferences in terms of permissions to be granted to the sites they visit - Pickren pointed out to Wired -. For example, you can choose whether to grant Skype access to webcam and microphone. A hacker, therefore, could have used this situation to deceive Safari ». Such as? By creating a fake site, but able to be recognized by the browser as the real Skype. At this point, the victim, clicking on the malicious link and having previously saved the usage preferences, without knowing it would have delivered the webcam and microphone in the hands of the hacker. The latter, therefore, would have had the opportunity to spy on the victim, take pictures, record audio and share the screen with other people.
The flaw in Safari (but few dangers)
Pickren also revealed how these flaws put all Apple users at risk, regardless of the type of device used: so iPhone, MacBook and iPad would all be vulnerable. However, he also ensured that none of the bugs revealed are present within the same defenses used by Apple for his devices. What the hacker exploits, in fact, is to be found in the flaws found in WebKit, the open-source web rendering engine behind Safari: Pickren explained that the vulnerabilities discovered are actually very old. Translated: While the bugs have been around for some time, Apple users have so far not taken any chances simply because hackers would not have known how to exploit the newly revealed flaws. And thanks to the work of Ryan Pickren they will have no way, because Apple has taken steps to correct the errors reported.
April 6, 2020 (modified April 6, 2020 | 11:05 am) © REPRODUCTION RESERVEDRead the contributions WRITE
