Latest in Gear

Image credit:

Safari flaw let intruders hijack cameras on iPhones and Macs

You only had to click a link for a hacker to eavesdrop on your activity.
Jon Fingas, @jonfingas
April 5, 2020
883 Shares
Share
Tweet
Share

Sponsored Links

Devindra Hardawar/Engadget

If you're working on a Mac at home or reconnecting with friends on an iPhone, you'll want to be sure you have the latest security updates. Security researcher Ryan Pickren has detailed recently patched Safari vulnerabilities that allowed intruders to hijack the cameras and microphones on iOS and macOS devices. A maliciously crafted website could trick Safari into believing the page had the same camera and mic permissions as one you'd already cleared, such as Skype. The attacker just needed a combination of specially-made web addresses with scripts to perform a "bait-and-switch."

If successful, the perpetrator could quietly capture audio and video and eavesdrop on victims. That could be a particularly serious issue when many are relying on webcams for remote meetings and classes during the COVID-19 pandemic.

Apple fixed the issues relatively quickly after their initial disclosure in December, with patches following in January and March. Pickren noted to Wired that some of the patches touched on "really, really old" bugs in WebKit, though, and they were coming to the forefront because of how hackers might use them in the modern era. In other words, iOS and Mac users may have dodged attacks simply because crooks and creeps weren't looking for these kinds of exploits until relatively recently.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
883 Shares
Share
Tweet
Share

Popular on Engadget

Inside Indonesia's fight to save its most important soil

Inside Indonesia's fight to save its most important soil

View
Cowboy upgrades its e-bike with a carbon belt and puncture-resistant tires

Cowboy upgrades its e-bike with a carbon belt and puncture-resistant tires

View
Hulu will cut off older Roku players after June 24th

Hulu will cut off older Roku players after June 24th

View
'Project Cars 3' trailer has some sim racing fans worried

'Project Cars 3' trailer has some sim racing fans worried

View
Kitty Hawk moves on from its original flying car project

Kitty Hawk moves on from its original flying car project

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr