contador web Skip to content

There is a vulnerability in Safari that allows intruders to access iPhone and MacBook cameras

It is not only in videoconferencing applications, such as Zoom, that there are situations of vulnerability, which affect meetings between users in isolation due to the coronavirus. Cybersecurity investigator Ryan Pickren presented in detail the vulnerabilities of Apple's Safari browser on devices such as the iPhone and Android, which have since been fixed, so he should update the browser to the latest version.

As explained at Wired, Safari had three bugs that could be successfully exploited, leading malicious hackers to take control of both the webcam and the microphone of iOS and macOS-based equipment. All the victims needed to do to give attackers remote access to their equipment was to click on a malicious address.

The researcher says that Safari encourages its users to record their preferences to give permissions to websites, such as giving access to the microphone and camera to Skype. Hackers can develop malware to access equipment through contaminated websites and use phishing to entice visitors to click on their address.

The malicious website can deceive the browser into thinking that Skype is thus obtaining the same permissions previously given to Microsoft's conversion tool. From then on, hackers started using the camera to take pictures, turn on the microphone or even share the screen. This is because Safari lists the permissions given by users to different website variations as if they were the same: https://www.example, http://example and fake: //example. In this way, it is possible to generate malicious scripts embedded in pages with similar addresses and trick Safari into granting you access to users' given authorizations.