Apple pays $100,500 to Hacker Who Hacked MacBook Webcam



Short News:- 

Vulnerabilities in Apple's Safari 15 could allow attackers to access microphones and webcams. A security researcher discovered and reported the bugs to Apple. Last year, Apple patched a new set of vulnerabilities in macOS that could have allowed access to online accounts.



Detailed News:- 

As recently as last year, Apple patched a new set of vulnerabilities in macOS that could have allowed malicious actors access to microphones and webcams, as well as online accounts.


The security researcher who discovered and reported the bugs to Apple received a $100,000 bug bounty, which underscores the severity of the issues that were found.


As a result of a series of security flaws in Safari 15, an attacker can gain "full access to every website ever visited by the victim," including Gmail, iCloud, Facebook, and PayPal accounts.


The issues concern ShareBear, which prompts users when they try to open a shared document for the first time. Pickren discovered that once the user agrees to open the file, anyone with access to the file can alter its content to whatever they want.


Pickren wrote in a technical report that "ShareBear will then download and update the file on the victim's machine without any user interaction or notification." "In essence, the victim has given the attacker permission to plant a polymorphic file onto their machine and to remotely launch it at any time."





To put it another way, if the user agrees to open an image file in the .PNG format, the file's content and extension can afterwards be changed to an executable binary ("evil.dmg"). From there, an attacker can exploit Safari's additional security flaws to gain control of the victim's microphone and webcam, as well as to steal local files from the hard drive.


A bug in WebKit that could allow malicious apps to get around Gatekeeper checks has been identified as CVE-2021-30861.


CVE-2021-30975 is a Script Editor vulnerability that could allow malicious OSAX scripting additions to bypass Gatekeeper checks and circumvent sandbox restrictions.


This is Pickren's second time disclosing vulnerabilities in iOS and macOS that, if exploited, could give an attacker unauthorized access to the camera when a victim visits a specially crafted website.


According to Pickren, the project was an exploration of how one application's design flaws can enable a variety of other unrelated bugs to become even more hazardous. Even with Gatekeeper enabled, an attacker can still achieve a great deal of mischief by tricking approved apps into performing malicious actions.

