Infosec chap: I found a way to hijack your web accounts, turn on your webcam from Safari – and Apple gave me $100k

January 26, 2022

A security bod scored a $100,500 bug bounty from Apple after discovering a vulnerability in Safari on macOS that could have been exploited by a malicious website to potentially access victims’ logged-in online accounts – and even their webcams.

Ryan Pickren, last seen on The Register after scooping $75k from Cupertino’s coffers for finding an earlier webcam-snooping flaw, said the universal cross-site scripting (UXSS) bug in Safari could have been abused by a webpage to hijack a web account the user is logged into, which would be bad. It was also possible to activate the webcam.

Read More on The Register