[HN Gopher] Hacking the Apple Webcam (Again)
___________________________________________________________________
Hacking the Apple Webcam (Again)
Author : sync
Score : 74 points
Date : 2022-01-25 18:58 UTC (4 hours ago)
(HTM) web link (www.ryanpickren.com)
(TXT) w3m dump (www.ryanpickren.com)
| throwaway81523 wrote:
| > "This research resulted in 4 0day bugs (CVE-2021-30861,
| CVE-2021-30975, and two without CVEs), 2 of which were used in
| the camera hack. I reported this chain to Apple and was awarded
| $100,500 as a bounty."
|
| Writing a secure browser for today's web appears to be a
| technological challenge comparable to a level 5 self-driving car.
| It has not been shown to be feasible. So such cars are not
| permitted to be deployed on the world's roads. Today's web sites
| and browsers should similarly not be deployed on the world's
| infobahns.
| Mougatine wrote:
| A $100,500 bounty seems pretty cheap compared to the severity of
| the issue, or is it common?
| moooo99 wrote:
| Reading articles like that always blows my mind. I can't even
| imagine how people can come up with exploit chains like that.
| Congratulations, well deserved bounty!
| alexk307 wrote:
| This is incredible and terrifying. Well done.
| sabujp wrote:
| congrats
| lodovic wrote:
| Such a good write up, well done!
| dmitriid wrote:
| > While this bug does require the victim to click "open" on a
| popup from my website, it results in more than just multimedia
| permission hijacking.
|
| That's why I'm so wary of browsers (well, a _certain browser_)
| adding more and more APIs that hide behind permission popups.
| People _will_ blindly click them.
|
| And I fully agree with a sibling comment: "Writing a secure
| browser for today's web appears to be a technological challenge
| comparable to a level 5 self-driving car",
| https://news.ycombinator.com/item?id=30078738
___________________________________________________________________
(page generated 2022-01-25 23:00 UTC)