And Apple has had a difficult time getting a handle on the problem, even when vulnerabilities are public for weeks or months. Safari and Webkit, though, have a particular set of security challenges because they are such massive platforms.
Pickren found that he could manipulate ShareBear to offer victims a malicious file. When you share an iCloud document with another user, Apple uses a behind-the-scenes app called ShareBear to coordinate the transfer. While poking for potential weaknesses in Safari, independent security researcher Ryan Pickren started looking at iCloud's document-sharing mechanism because of the trust inherent between iCloud and macOS. But this hack got around those safeguards by abusing iCloud and Safari features that macOS already trusts. MacOS has built-in protections to prevent this sort of attack, including Gatekeeper, which confirms the validity of the software your Mac runs.
But a group of macOS vulnerabilities-fixed by Apple at the end of last year-could have exposed your Safari tabs and other browser settings to attack, opening the door for hackers to grab control of your online accounts, turn on your microphone, or take over your webcam. Usually the worst thing that happens when you have dozens of browser tabs open is you can't find the one that suddenly starts blasting random ads.
0 kommentar(er)
