Do web browsers become a bigger target for hackers the more multifunctional they get? The dilemma revealed by the "Safari" vulnerabilities, and the important things to know


Photograph: NOAM GALAI/Getty Images


Suppose you have multiple tabs open in a web browser. Usually the worst that comes of it is the struggle to find the tab where an advertising video has suddenly started playing. But a series of macOS vulnerabilities that Apple fixed at the end of 2021 could have exposed the tabs of the web browser "Safari" to external attacks. These vulnerabilities could have let an attacker take control of the user's online accounts, turn on the microphone, and hijack the webcam.

To prevent such attacks, macOS incorporates functions such as "Gatekeeper", a security technology that confirms the reliability of the software executed on the Mac. However, the attack method exploited functions of "iCloud" and Safari, which macOS already trusted, to bypass these security functions.

Ryan Pickren, an independent security researcher, began to focus on iCloud's document sharing functions while investigating Safari's potential vulnerabilities, because there is a trust relationship between iCloud and macOS. When a user shares an iCloud document with another user, the document is handled by an iCloud sharing application called "ShareBear". Pickren found that the way ShareBear operates could be abused to send malicious files to the victim.

In fact, at first, the file itself doesn't have to be malicious. That's because sending a plausible-looking file makes it easier to deceive the victim into clicking. Because of the trust relationship among Safari, iCloud, and ShareBear, the attacker can later access the file shared with the victim, and Pickren found that it could be secretly replaced with a malicious file. The victim receives no new prompt from iCloud, and all of this can be done without the victim noticing anything at all.

Once the attack is set up, the attacker can basically take over Safari. The attacker can see what the victim is browsing, access the accounts the victim is logged in to, and abuse the camera and microphone access that the victim has granted to websites. The attacker can also access other local files stored on the victim's Mac.

"It's basically like an attacker is drilling into the browser," said Pickren, who reported the vulnerabilities to Apple. "If a user is signed in to Twitter.com on one tab, the hacker can access it and do everything the user can do on Twitter. But it has nothing to do with Twitter's services or security. The attacker is simply inheriting and exercising what the user is already running in their own browser."