Safari Flaws Exposed Webcams, Online Accounts, and More

Usually the worst thing that happens when you have dozens of browser tabs open is you can’t find the one that suddenly starts blasting random ads. But a group of macOS vulnerabilities—fixed by Apple at the end of last year—could have exposed your Safari tabs and other browser settings to attack, opening the door for hackers to grab control of your online accounts, turn on your microphone, or take over your webcam.

MacOS has built-in protections to prevent this sort of attack, including Gatekeeper, which confirms the validity of the software your Mac runs. But this hack got around those safeguards by abusing iCloud and Safari features that macOS already trusts. While poking for potential weaknesses in Safari, independent security researcher Ryan Pickren started looking at iCloud’s document-sharing mechanism because of the trust inherent between iCloud and macOS. When you share an iCloud document with another user, Apple uses a behind-the-scenes app called ShareBear to coordinate the transfer. Pickren found that he could manipulate ShareBear to offer victims a malicious file. 

In fact, the file itself doesn’t even have to be malicious at first, making it easier to offer victims something compelling and trick them into clicking. Pickren found that because of the trusted relationship between Safari, iCloud, and ShareBear, an attacker could actually revisit what they shared with a victim later and silently swap the file for a malicious one. All of this can happen without the victim receiving a new prompt from iCloud or realizing that anything has changed. 

Once the hacker has staged the attack, they can essentially take over Safari, see what the victim sees, access the accounts the victim is logged into, and abuse permissions the victim has granted websites to access their camera and microphone. An attacker could also access other files stored locally on the victim’s Mac.

“The attacker is basically punching a hole in the browser,” says Ryan Pickren, the security researcher who disclosed the vulnerabilities to Apple. “So if you’re signed in to Twitter.com on one tab, I could jump into that and do everything you can from Twitter.com. But that’s nothing to do with Twitter’s servers or security; I as the attacker am just assuming the role that you already have in your browser.”

In October, Apple patched the vulnerability in Safari’s WebKit engine and made revisions in iCloud. And in December it patched a related vulnerability in its Script Editor code automation and editing tool.

“This is an impressive exploit chain,” says Patrick Wardle, a longtime researcher and founder of the macOS security nonprofit Objective-See. “It’s clever that it exploits design flaws and creatively uses built-in macOS capabilities to circumvent defense mechanisms and compromise the system.”

Pickren previously discovered a series of Safari bugs that could have enabled webcam takeovers. He disclosed the new findings through Apple’s bug bounty program in mid-July, and the company awarded him $100,500. The amount is not unprecedented for Apple’s disclosure program, but its size reflects the severity of the flaws. In 2020, for example, the company paid out $100,000 for a crucial flaw in its Sign In With Apple single sign-on system.

Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here

Related Posts
John Wick 4 referred to by Keanu Reeves thumbnail

John Wick 4 referred to by Keanu Reeves

Keanu Reeves a été amené à s’exprimer sur John Wick 4 au cours d’une entrevue menée par le site Today. L’occasion pour l’acteur de dévoiler quelques informations au sujet du prochain volet de la franchise. John Wick occupe une place centrale dans le cinéma d’action. Sorti en 2014, le premier volet a rencontré un vif…
Read More
Media Buying Briefing: Has artificial intelligence reached ubiquity across the media agency landscape? thumbnail

Media Buying Briefing: Has artificial intelligence reached ubiquity across the media agency landscape?

Hardly a day goes by without some company within the marketing and media ecosystem announcing another artificial-intelligence-driven tool, technology, platform or data product in service of media buying and planning. Many of these advancements have been driven by dramatically altered consumer-behavior patterns toward digital consumption — leaving media agencies, creative shops and marketers scrambling to…
Read More
Index Of News
Consider making some contribution to keep us going. We are donation based team who works to bring the best content to the readers. Every donation matters.
Donate Now

Subscription Form

Liking our Index Of News so far? Would you like to subscribe to receive news updates daily?

Total
0
Share