Expert who found vulnerabilities in Apple cameras received $75,000

A security researcher who found more than half a dozen zero-day vulnerabilities in the Safari browser received $75,000 from Apple's Bug Bounty program. Some of these bugs could allow attackers to gain access to the webcam on Mac computers, as well as the video camera on iPhone and iPad mobile devices.

Ryan Pickren described the vulnerabilities in detail in several posts on his website. In total, he found seven vulnerabilities (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784 and CVE-2020), three of which were directly related to hijacking the camera on devices running macOS and iOS.

A flaw in the browser's security allowed an attacker to trick Safari into treating a malicious site as a trusted one. Any JavaScript code capable of creating a pop-up window (such as a standalone website, an embedded banner ad, or a browser extension) can launch this attack. The hacker uses that identity to compromise the user's privacy, in part because Apple allows users to save security settings for websites. As a result, a malicious website can impersonate a trusted video conferencing site such as Skype or Zoom and then gain access to the user's camera.

Pickren reported his findings to Apple, which led to a Safari update in January (version 13.0.5) that fixed three of the vulnerabilities. Then in March, Apple released another version (version 13.1) that closed the remaining security holes.

For those who want the details, the bug hunter described the hacking technique in depth on his blog, which lays out the technical information. As for Apple's Bug Bounty program, payouts for discovered bugs range from five thousand dollars (minimum) to one million dollars.



Source: 3dnews.ru
