#1 Trusted Cybersecurity News Platform
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Safari Browser

Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam

Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam
January 31, 2022Ravie Lakshmanan
Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. By exploiting a chain of security issues with iCloud Sharing and Safari 15, it enables the attacker to hijack the multimedia permission and gain "full access to every website ever visited by the victim" in Safari, including Gmail, iCloud, Facebook, and PayPal accounts. The  issues  specifically concern ShareBear, an iCloud file-sharing mechanism that prompts users upon attempting to open a shared document for the first time. Taking advantage of the fact that users are never displayed the prompt again once they accept to open the file, Pickren found that it's possible to alter the file's content to

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking
January 16, 2022Ravie Lakshmanan
A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed  IndexedDB Leaks , was disclosed by fraud protection software company FingerprintJS, which  reported the issue  to the iPhone maker on November 28, 2021. IndexedDB is a low-level JavaScript application programming interface (API) provided by web browsers for managing a  NoSQL database  of structured data objects such as files and blobs. "Like most web storage solutions, IndexedDB follows a same-origin policy," Mozilla  notes in its documentation  of the API. "So while you can access stored data within a domain, you cannot access data across different domains." Same-origin is a  fundamental security mechanism  that ensures that resources retrieved from distinct  origins  — i.e., a  combination  of the scheme (protocol),
Deals — IT Courses and Software

Sign up for our cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.