Latest in Gear

Image credit:

Safari flaw let intruders hijack cameras on iPhones and Macs

You only had to click a link for a hacker to eavesdrop on your activity.
Jon Fingas, @jonfingas
April 5, 2020
883 Shares
Share
Tweet
Share

Sponsored Links

Devindra Hardawar/Engadget

If you're working on a Mac at home or reconnecting with friends on an iPhone, you'll want to be sure you have the latest security updates. Security researcher Ryan Pickren has detailed recently patched Safari vulnerabilities that allowed intruders to hijack the cameras and microphones on iOS and macOS devices. A maliciously crafted website could trick Safari into believing the page had the same camera and mic permissions as one you'd already cleared, such as Skype. The attacker just needed a combination of specially-made web addresses with scripts to perform a "bait-and-switch."

If successful, the perpetrator could quietly capture audio and video and eavesdrop on victims. That could be a particularly serious issue when many are relying on webcams for remote meetings and classes during the COVID-19 pandemic.

Apple fixed the issues relatively quickly after their initial disclosure in December, with patches following in January and March. Pickren noted to Wired that some of the patches touched on "really, really old" bugs in WebKit, though, and they were coming to the forefront because of how hackers might use them in the modern era. In other words, iOS and Mac users may have dodged attacks simply because crooks and creeps weren't looking for these kinds of exploits until relatively recently.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
883 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
'Avatar: The Last Airbender' creators leave Netflix's live-action series

'Avatar: The Last Airbender' creators leave Netflix's live-action series

View
Puerto Rico’s Arecibo radio telescope suffers serious damage

Puerto Rico’s Arecibo radio telescope suffers serious damage

View
A 'GoldenEye 007' fan remake is dead after a cease and desist demand

A 'GoldenEye 007' fan remake is dead after a cease and desist demand

View
You can pre-order Microsoft's Surface Duo foldable phone today

You can pre-order Microsoft's Surface Duo foldable phone today

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr