Until the last month, Apple was facing a vulnerability with its Safari browser in its iPhones, iPads and MacBook devices that allowed hackers to access the microphone and webcam. Although the company patched this vulnerability in January and March updates, still hackers can exploit is using of a single malicious link that will allow them access to the webcam of the devices.
This means once the user clicks on that link, hackers could silently activate the camera and microphone to click images, shoot videos and record audio. Well, this is one of the serious vulnerabilities that Apple is facing with its devices.
“Safari encourages users to save their preferences for site permissions, like whether to trust Skype with microphone and camera access,” said Ryan Pickren. Pickren is the same security researcher who found out the vulnerability and informed it to Apple.
“So what an attacker could do with this kill chain is make a malicious website that from Safari’s perspective could then turn into ‘Skype’. And then the malicious site will have all the permissions that you previously granted to Skype, which means an attacker could just start taking pictures of you or turn on your microphone or even screen-share,” added Pickren.
According to the report from the security researcher, when you click on that malicious link and approve certain permissions it asks in the Safari browser, it will apply to all the variations of that particular website, for instance, https://www.example.com, http://example.com, and fake://example.com. And so, these hackers can exploit this vulnerability by creating special URLs that would trick Safari in a similar way.
Pickren mentioned in his comment, “Part of this is that some of the bugs were really, really old flaws in the WebKit core from years ago. They probably were not as dangerous as they are now just because the stars lined up on how an attacker would use them today.”
As of now, there is no word from the company on this vulnerability, however, it may patch it soon with the upcoming updates to Safari browser.
For the latest tech news and updates, Install TechCodex App and follow us on Google News, Facebook, and Twitter. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.