Computer security

Hackers can now take control of your iPhones and MacBooks camera instantly

MacBook and iPhone users, it is time for you guys to be on high alert. Hackers can now take control of your devices camera if you just visit a website, not even a malicious site using vulnerabilities in the Safari browser. Moreover, hackers can even control your microphones, location, and more. However, few days back Ryan Pickren, an ethical hacker identified the vulnerabilities in the Safari browser and reported it to Apple, for which Apple awarded him $75,000 USD as bounty. 

How does this hack work?

Apple has an in-built per-website basis procedure in Safari, allowing it to trust the websites that the users have visited already and are marked as legitimate sites. This will allow hackers to imitate some legitimate sites, making Safari believe it is trusted website and the deploy their malicious programs to hack the camera, microphone and more.

Similarly in iPhones, Safari can easily be manipulated, as it gives access to camera and microphone abruptly without the user consents. Also, parsed URL schemes allow hackers to leverage an exploit chain that has multiple flaws in the way the browser works, this works effectively for websites that are actively open. Thus hackers can easily fool the Safari, by using a fake file into changing the domain name using JavaScript, and make Safar believe it is opening https://google.com, but actually accessing bogus://google.com.

The researchers also mentioned that the hackers can even steal passwords using this hostname parsing vulnerability in Safari. Hackers can easily access the passwords in plain text when the browser autofill the passwords in that bogus site. They can also install malicious files in the system, after by-passing the auto-download prevention option by opening the site as a pop-up, and then further triggering the download. 

Below are the list of vulnerabilities under this attack vector, 

  • CVE-2020-3852
  • CVE-2020-3864
  • CVE-2020-3865
  • CVE-2020-3885
  • CVE-2020-3887
  • CVE-2020-9784
  • CVE-2020-9787

Here is the working demo of the hack, https://bugpoc.com/poc#bp-HHAQuUYC, but please use Safari to check this. 

How to fix this vulnerability?

After Pickren reported these vulnerabilities, Apple had released the patches for Safari in the versions 13.0.5 and 13.1 (the latest). Users can update their Safari to these versions to avoid becoming victim to this camera hack.

For enterprises, IT admins should ensure their patch management system had deployed these patches to the MacBook and iOS devices in time, for exceptions this is the time to update them. For enterprises who are yet to employ a patching mechanism, please employ one now, if there are only limited devices try free versions of patching solutions in the market.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on FacebookLinkedinInstagramTwitter and Reddit

Share the article with your friends
William Marshal

William has been one of the key contributors to 'The Cybersecurity Times' with 9.5 years of experience in the cybersecurity journalism. Apart from writing, he also like hiking, skating and coding.

Recent Posts

Best Microsoft Intune Alternatives: Top 5 MDMs to Consider

Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…

1 day ago

Top 7 Best Smartphones with Best Security Features in 2024

Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…

3 weeks ago

Top 11 Log Management Tools for Efficient System Management

Discover the top 11 log management tools for efficient system management and monitoring. Learn about…

2 months ago

Top 5 Threat Intelligence Tools For 2024

Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…

2 months ago

Privileged Access Management: 5 Best PAM Solutions in the Market

Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…

2 months ago

Apple Device Management: Top Solutions for iOS and macOS Management

Explore the top solutions for Apple Device Management including to iOS Device Management and macOS…

2 months ago