A stitch in time saves nine.
But that is not always true for a click.
Especially if you are using a MacBook or an Apple iPhone.
Simply visiting a website in the Safari browser, whether a malicious site or a legitimate one that unknowingly loads malicious ads, could have let remote attackers secretly access your device's camera, microphone or location and, in some cases, saved passwords as well.
Apple recently paid a $75,000 bug bounty to an ethical hacker, Ryan Pickren, who demonstrated the hack in practice and helped the company patch a total of seven new vulnerabilities before any real attacker could take advantage of them.
The fixes were issued in a series of Safari updates spanning Safari 13.0.5 (released January 28, 2020) and Safari 13.1 (published March 24, 2020).
Three of the patched Safari flaws would allow malicious websites to impersonate any legitimate site and access the camera or microphone by abusing permissions that the visitor had granted exclusively to the trusted domain.
The Safari browser grants access to certain permissions such as camera, microphone, location, and more on a per-website basis. That paves the way for websites like Skype to access the camera without requiring the user's permission every time the app is launched.
However, while third-party apps must obtain the user's clear consent to access the camera, Safari can access the camera or the photo gallery even without such consent.
Specifically, improper access was possible by leveraging an exploit chain that strung together multiple flaws in the way the browser parsed URL schemes and handled the security settings on a per-website basis.
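The design point behind per-website permissions, shown as an added example (not Apple's code and not the researcher's exploit): a hypothetical permission store that identifies a "site" by loosely parsed hostname, beside one that keys grants on the full HTTPS origin. The class, function names and video.example URLs are constructed for illustration.

```javascript
// Added illustration: hypothetical per-site permission store, not Safari's code.

// Weak key: strips whatever scheme is present and keeps only the host text,
// so scheme and port play no part in deciding which "site" is asking.
function weakSiteKey(rawUrl) {
  const afterScheme = rawUrl.replace(/^[a-z][a-z0-9+.-]*:(\/\/)?/i, "");
  return afterScheme.split(/[\/?#:]/)[0].toLowerCase();
}

// Hardened key: parse with the WHATWG URL parser, accept only https, and key
// on the serialized origin (scheme + host + port). null means "not eligible".
function originKey(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return null; }
  if (u.protocol !== "https:" || u.origin === "null") return null;
  return u.origin;
}

class PermissionStore {
  constructor(keyFn) { this.keyFn = keyFn; this.grants = new Map(); }
  grant(url, perm) {
    const k = this.keyFn(url);
    if (k === null) return false;
    if (!this.grants.has(k)) this.grants.set(k, new Set());
    this.grants.get(k).add(perm);
    return true;
  }
  allowed(url, perm) {
    const k = this.keyFn(url);
    return k !== null && this.grants.has(k) && this.grants.get(k).has(perm);
  }
}

// Constructed sample: the user grants camera access to one trusted HTTPS page,
// then other URLs that merely share its hostname ask for the same permission.
function demo() {
  const requests = ["https://VIDEO.example/other", "http://video.example/call",
                    "https://video.example:8443/", "not a url"];
  const out = {};
  for (const [name, fn] of [["weak", weakSiteKey], ["hardened", originKey]]) {
    const store = new PermissionStore(fn);
    store.grant("https://video.example/call", "camera");
    out[name] = requests.map((u) => store.allowed(u, "camera"));
  }
  return out;
}
console.log(demo());
```

With the weak key, the plain-HTTP page and the page on another port inherit the camera grant; with the origin key, only the same HTTPS origin does.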
When using Safari, keep the browser up to date and give websites access to only the essential settings.