A simple click can give threat actors permission to access your camera and microphone.
Since most of us are working from home due to COVID-19 hackers will try to exploit any chance to steal data. In this regard, recently a security engineer looked at Apple’s Safari ecosystem just to find seven critical zero-day vulnerabilities a threat to user’s privacy.
One of the most important findings was that hackers can access the microphone and camera of iOS and macOS devices. Does this mean Apple devices are no longer secure?
Because The Vulnerability Is Now Patched
For years, Apple has earned its reputation for security and it would take all measures to keep it that way. All the vulnerabilities found by Pickren were patched in January and March updates.
How did Ryan Pickren find this flaw?
The threat researcher found this bug from seemingly minor oversights.
To read detailed Pickren finding click here
What is the exploit and how can it risk user data?
Until now there weren’t these many users using webcam but due to coronavirus, we all are working from home and using webcams from video conferencing, video calls, etc. If hackers would have been able to find it before Pickren they could have used a maliciously crafted website to trick Safari into believing the page being visited has camera and mic permission the one granted to Skype. A combination of the specially made web address with scripts to perform a “bait-and-switch,” would be enough.
Safari, the default web browser saves users preferences for site permission like whether to trust a site with microphone and camera access or not?
Once all these permissions are saved Safari works in accordance to that to make things easy. To make this attack possible a hacker can create a malicious site that would have all the permissions granted to the previous site. This means the crook can turn on the microphone or can start taking pictures of you.
What to do to stay safe from such attacks?
Companies to fix these flaws release updates with security patches and bug fixes. To stay safe from such hacks users should always keep their system up-to-date and if they haven’t upgraded their Safari browser or system, they should do it now. This is the time to update your devices and stay safe.
What do you think if Pickren would have not unfolded this vulnerability what would be the case? Would all Apple users be a target? Please share your thoughts in the comments section.