Flaw hunter bags $75,000 off Apple after duping Safari into spying through iPhone, Mac cameras without permission

Independent security researcher Ryan Pickren has revealed how a malicious website could hack Apple's Safari browser on iOS and macOS to spy on the user through the computer's camera without prompting for permission. Pickren said Apple classified the bug as "one-click remote partial access to sensitive data," and awarded him $ …

  1. redpawn Silver badge

    Use our code it's always better

    No you can't create a browser that works and is secure for even older hardware because... Apple!

    1. Andrew Hodgkinson

      Re: Use our code it's always better

      From the article:

      He found flaws in rarely used specifications that browsers nevertheless have to implement in order to be compliant with other code, but which do not get the same level of attention as commonly used parts of the browser API.

      Pretty sure there'll be variants of this found, if you tried hard enough, in Chrome, Chromium, Opera, Firefox, Edge, MSIE...

      Yes, Apple's software quality is increasingly terrible, but rancid specs are the bane of the web world. There is a litany of errors, with increasingly absurd, edge case riddled and ginormous specs comprising a bad joke as we go from version to version. Look at HTML 4 or XHTML 1.1 versus HTML 5, for example, or even CSS 1 vs CSS 2.

      It's a nightmare of a job to implement this stuff. I know, I've done it, many years ago now; HTML 4 was new back then. I'm glad I'm not trying to do it in an HTML 5, CSS 3 world, especially not with modern JavaScript / ECMAScript and the bazillion flavours of that along with its ever-growing list of ever-more invasive interfaces into the host operating system as lazy programming (and a deficit of half-decent alternatives) continue to make engineers hell-bent on some kind of 'write once, run everywhere' model that competes with native-written applications tailored for the host operating system. Lowest common denominator is the _best_ outcome you can hope for. As for security? Forget it.
