Safari Archives – Gridinsoft Blog https://gridinsoft.com/blogs/tag/safari/ Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Mon, 19 Feb 2024 22:30:42 +0000 en-US hourly 1 https://wordpress.org/?v=75400 200474804 “Your Connection is Not Private” Error — Fix Guide https://gridinsoft.com/blogs/your-connection-is-not-private-error-fix/ https://gridinsoft.com/blogs/your-connection-is-not-private-error-fix/#respond Tue, 06 Dec 2022 22:04:52 +0000 https://gridinsoft.com/blogs/?p=12414 When accessing a website in Chrome, an error message can pop up stating that your connection is not private. This indicates that the browser has failed to meet the security requirements. If you see a warning message on your screen with the title “Your Connection is Not Private”, it means your browser isn’t able to… Continue reading “Your Connection is Not Private” Error — Fix Guide

The post “Your Connection is Not Private” Error — Fix Guide appeared first on Gridinsoft Blog.

]]>
When accessing a website in Chrome, an error message can pop up stating that your connection is not private. This indicates that the browser has failed to meet the security requirements.

If you see a warning message on your screen with the title “Your Connection is Not Private”, it means your browser isn’t able to verify the safety of the site. Visiting an unsafe or unsecure website could expose your personal information to potential risks. Each time you open a site, the browser checks the security certificate to ensure the site will protect your privacy. While the certificate is not valid, expired or absent, that’s a potential source of a threat to your privacy.

Why does “Connection Not Private, Google” appear?

Websites protect your data with SSL/TLS encryption. Certificates act as the insurance that the site really encrypts the data and uses proper technology for this purpose. If a user’s browser doesn’t recognize the certificate, the error “Google, Your connection is not private” appears. This error occurs because many websites that use SSL require security over HTTP (HTTPS).

HTTP vs HTTPS

There are numerous reasons why a website’s SSL certificate can’t be verified. One possibility is that it has been tampered with and isn’t functioning as intended. Alternatively, the certificate might have expired or be missing altogether. In any case, the webmaster must correct any error on their site in order to verify it. Even though the steps for each browser are similar, sometimes your device or browser settings might be malfunctioning and unable to connect to the website you’re trying to access. You can usually fix this yourself by following the same process for all browsers.

What the “Your connection is not private” message looks like in any browser other than Chrome.

Each browser displays the “Your connection is not private” message differently. Some even tweak the warning to read, “Your connection is not secure.” Others provide error codes to help you troubleshoot. Most throw up literal warning signs. Here’s what you might see.

Google Chrome

When Google Chrome is having trouble recognizing a certificate, it will display a large red question mark and inform you.

Common Error Codes:

  • ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  • NET::ERR_CERT_AUTHORITY_INVALID
  • ERR_CERT_SYMANTEC_LEGACY
  • NET::ERR_CERT_COMMON_NAME_INVALID
  • NTE::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED The certificate is invalid.

Mozilla Firefox

If Mozilla Firefox fails to recognize the certificate, it will display a lock with a red slash over it as well as the message.

Common error codes:

  • ERROR_SELF_SIGNED_CERT
  • MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED
  • SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
  • MOZILLA_PKIX_ERROR_MITM_DETECTED
  • SEC_ERROR_OCSP_INVALID_SIGNING_CERT
  • SSL_ERROR_BAD_CERT_DOMAIN

Safari

Other browsers, such as Safari, don’t immediately provide you with error codes. Instead, it’ll return a red lock that has been crossed out and the message:

  • “This connection is not private, Chrome”.
  • “Website may appear to be impersonating domain.com in order to obtain personal or financial information. You should return to the previous page.”

I too might provide a link to the certificate via a "show details" button, this would allow you to understand the potential risks associated with visiting the website.

Microsoft Edge

Microsoft Edge mimics the Google Chrome error message “your connection is not private,” including the red exclamation mark.

Common Error Codes:

  • DLG_FLAGS_INVALID_CA
  • DLG_FLAGS_SEC_CERT_CN_INVALID
  • Error Code: 0
  • NET::ERR_CERT_COMMON_NAME_INVALID

How to correct “Your Connection to This Site is Not Private” Error

1. Reboot the Page

This may seem obvious, but one of the simplest and most effective things you can attempt to resolve the issue by closing and reopening your browser and attempt to load the page again. It’s possible that the website’s owner is currently reissuing their SSL certificate or there was a problem with your browser.

2. Check the Time and Date

While your computer’s date and time are out of sync with those displayed on your browser, this privacy error will appear. Additionally, it may display the SSL certificate of a website as having expired, which would also cause the error. Go into your computer’s settings and adjust the time and date when itф necessary. After that you’ve refreshed the page, reload it.

3. Update your Operating System

Google recommends upgrading your device’s operating system if you get this “the connection is not private” error. An outdated computer may lack the capability or willingness to recognize or utilize updated websites or SSL certificates. To update the operating system on macOS, go to System Preferences > Software Update. After all, check for updates and set them up.

Update macOS

On a Windows computer, enter the Сontrol Panel > Search for update > Check for updates and set up them.

Update Operating System Windows

4. Check the Antivirus Software

Follow the instructions below if you encounter “Your connection is not secure, Chrome. Antivirus and privacy programs can block some secure server certificates or even cripple network connections. They can be protective to the point of preventing your connection from being private. To test this, temporarily disable the software and try browsing.

5. Clear Browsing Data

Computer cookies help make each online session more personalized based on past activity. They can also help increase convenience when purchasing products or logging into websites by remembering personal information and payment methods. However, not having a private connection can cause security concerns as well. Each browser clears cookies differently. Clearing your browsing history removes all private data from your device, but also prevents you from truly enjoying a secure browsing experience.

To delete the history, cache, and other browser data from Google Chrome browser:

  • First of all, enter Settings → Show advanced settings → Clear browsing data under Privacy options.

However if deleting browsing history doesn’t help, you can also reset the browser’s settings to the default.

To reset your Chrome browser settings:

  • Firstly, click on the Chrome menu → Settings → Show advanced settings → Reset settings → Reset.

Deleting the chrome cache and removing unwanted Google Chrome extensions also has a significant impact in this situation.

For data removal in from Mozilla Firefox browser:

  • Tap the menu button and choose Settings.
  • Choose the Privacy & Security panel and enter the Cookies and Site Data section.
  • Click the Clear Data… button. The Clear Data dialog will appear.
  • Clear Data dialog to fix “Your Connection is Not Private” Error

  • You should also select the following options: Cookies and Site Data (to remove login status and site preferences) and Cached Web Content (to remove stored images, scripts and other cached content).
  • Clear the screen.

To delete the cache, history, and other browser data from Safari browser:

  • In order to your history and cookies, go to Settings > Safari, and select Clear History and Website Data. Deleting your history, cookies, and browsing data from Safari will not alter your AutoFill information.
  • Delete your history and cookies

  • Going to remove your cookies and preserve your history, go to Settings > Safari > Advanced > Website Data, then select Remove All Website Data.
  • If you want to avoid leaving a digital footprint, turn Private Browsing on.

To delete the cache, history, and other browser data from Microsoft Edge browser:

  • Choose Settings and more > Settings > Privacy, search, and services.
  • After that under Clear browsing data > Clear browsing data now, choose Choose what to clear.
  • Under Time range, select a time range from the drop-down menu.
  • Select the ways of browsing data you want to clean (see the table for descriptions).
  • For example, you may want to delete cooking and browsing history but keep passwords and form fill data.
  • Select Clear now.

Contact your system administrator

In some situations, you may have no access to the browser settings. That depends on the policies set by your system administrator. If you face connection issues, but cannot open the Settings, ask it for help. Such restrictions usually see usage to prevent any malware-related alterations, but sometimes that can end up with problems with some daily needs.

Stay Safe and Secure While Browsing Online

The error “Your connection is not private, Google” is one of the most beneficial messages you can receive because it protects your personal information. Simply encountering this error isn’t cause for concern, there are numerous innocuous reasons why your connection may not be safe. By attempting the methods listed above, you can efficiently identify and address the cause of the error. If none of the accordingly steps decide the issue, simply leave the website and find another option.

The post “Your Connection is Not Private” Error — Fix Guide appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/your-connection-is-not-private-error-fix/feed/ 0 12414
Calendar Virus Removal on iPhones & Mac https://gridinsoft.com/blogs/how-to-get-rid-of-calendar-virus/ https://gridinsoft.com/blogs/how-to-get-rid-of-calendar-virus/#respond Tue, 08 Nov 2022 20:13:57 +0000 https://gridinsoft.com/blogs/?p=11676 Calendar virus may not sound familiar to most users. What’s likely happening is that a calendar is spamming you with appointments; it’s just mistakenly appeared in your calendar. Whenever you receive a notification from one of these appointments, you must refrain from clicking any links within the message. Doing so could infect your device with… Continue reading Calendar Virus Removal on iPhones & Mac

The post Calendar Virus Removal on iPhones & Mac appeared first on Gridinsoft Blog.

]]>
Calendar virus may not sound familiar to most users. What’s likely happening is that a calendar is spamming you with appointments; it’s just mistakenly appeared in your calendar. Whenever you receive a notification from one of these appointments, you must refrain from clicking any links within the message. Doing so could infect your device with malicious software that steals your personal information. Please continue reading to learn why you received this notification in your calendar and how to fix it.

What is a calendar virus?

App calendar malware, also called Calendar Virus for iOS or iPhone calendar virus, is a kind of spam targeted on Apple devices, that adds fake subscribed calendar accounts to a user’s device without their consent. Affected devices could be iPads, Mac computers, Watches or iPhones. As a result of the spam, users receive notifications for “events” containing malicious links. Its effects are similar to what adware brings to the system it runs in. The terms “iPhone calendar spam” and “iOS calendar spam” refer to this Apple OS activity. This type of notification may contain disturbing headers to force you to follow the link. Here are examples of similar messages:

Virus on iPhone? Clean up now!

Ensure your online protection, click now!

Your phone is not protected! Click to protect

Keep your iPhone safe from malicious attacks!

Your iPhone is infected with a virus! delete it now

Some messages will arouse the user’s curiosity and sense of urgency. Usually, after a user follows something like this and clicks a link, it launches malicious sites or questionable software on his device. Alternatively, it can redirect the victim to phishing pages.

Where does the iPhone Calendar Virus come from?

After all the above characteristics, you probably wonder where fake invitations appear on the calendar. Like most other malware and viruses, calendar viruses are often spread through the same malicious sites as they advertise, or social engineering. So, how to get rid of the calendar virus? Here are some typical ways of being infected by that nasty thing:

1. Attackers have got hold of your email address.

If the attacker has your email address, it means that in the future, you will be a target of email spam. This happens after you enter your email address on unfamiliar websites to confirm something or to buy a product. Usually, such shady sites can sell your information to make money – and they don’t care about customers’ comfort. In rare cases, emails leak when companies suffer from data leaks.

Phishing email
Example of a phishing email from attacker

2. You inadvertently clicked on a malicious link.

Some scam websites might use fake captcha puzzles to bypass site warnings and trick you into downloading malware. Alternatively, they can use disguised calendars as captchas to trick you into subscribing to them. If you’re in a hurry, clicking OK might be easier than selecting any other option.

3. Receiving a spam link by text message

After clicking on a spam text that directs you to “track a package”, you subscribe to a calendar full of appointments, like “critical threats” and similar warnings. One of these spam messages might request tracking information and provide a link for accessing the Calendar.

Spam text message

How to clear calendar virus iPhone

Apple products are linked within the ecosystem. Once you get spam on your iPhone calendar, it will also show up on your other Apple devices. The tips below should help you get rid of calendar spam on your iPhone, iPad, Mac, and anywhere else. But how to remove the iPhone calendar virus from all devices simultaneously?

For Newer iPhones:

  • Go to Settings→Calendar→Accounts Calendar virus - adjust settings on iPhone
  • Find an account you don’t recognize and delete it. Calendar virus account name may be something like "Calendar Events", "Events Calendar", "Calendar Events Viewer", or similar.
  • Delete all calendar accounts you don’t know. Delete unused calendars
  • After removing, your event should be normalized.

For Older iPhones:

  • Go to the Calendar app.
  • Press Calendar at the bottom of the screen
  • Find a calendar you need. Click the More info button next to it, then scroll down and click Delete Calendar.

Cleaning Calendar Virus From your Mac:

  • Run Calendar (or iCal) Run Calendar iMac
  • Press Calendar in the menu bar and select Settings
  • At the General tab, from the Default Calendar menu, select only the Calendar you want to use. Click “Save”. Calendar list
  • Make sure that calendars you do not want to recognize or use are not selected or saved. This will delete them. Delete excesive calendars

Cleaning Calendar Virus from iCloud.com:

  • Go to Calendar> Click the gear icon > Settings
  • From the default menu, select only the Calendar you want to use. Opt for "Save"
  • Make sure calendars you don’t know or don’t want to use are not selected or saved

How to stop iPhone calendar spam?

Successful counteraction requires proactive action and increased preparedness for the virus to be caught at any time you visit third-party sites. Therefore, below is a guide to reducing the risk of hacking your account.

1. Block pop-ups in Safari

You can enable warnings for fraudulent websites on your iPhone or iPad by going to Settings > Safari, then navigating to the Websites tab. On a Mac, you can access this functionality by navigating to Safari > Preferences. Inside the Preferences section, find the Security tab and toggle Fraudulent Websites Warnings. Keep in mind the security of your Safari web browser pages, this is important.

Block Safari pop-ups Calendar virus

2. Be careful where you click.

Do not interact with fake calendar notifications; instead, delete them. Also, be wary of links and attachments in messages that indicate text or email with unknown content. And when encountering captchas, avoid tapping or clicking on them. For example, when responding to an appointment, it’s imperative not to click on any links or active sections of the message. Instead, respond by swiping from right to left and selecting Delete. Your iPhone may prompt you to Report Junk; if this happens, report the message by tapping Report Junk and then pressing Confirm.

Delete spam message with calendar virus

3. Review and change your calendar settings

One of the best ways to reduce calendar spam is to block notifications. However, it’s also a good idea to make sure none of your devices are set to accept calendar invitations automatically. While this setting is convenient for busy people, it can be used as a loophole to inject unwanted spam into the Calendar. To change your calendar preferences:

  • Sign in to your iCloud account and select Calendar
  • Click the gear icon in the bottom left corner of the app screen and select Settings.
  • Press at the Advanced tab.
  • In the "Invitation" subsection, click the radio button next to the "Send an email to [your email address]" option to make this your default instead of "In-App Notifications."

The post Calendar Virus Removal on iPhones & Mac appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/how-to-get-rid-of-calendar-virus/feed/ 0 11676
Safari Can’t Establish a Secure Connection Error https://gridinsoft.com/blogs/safari-cant-establish-secure-connection-how-to-fix/ https://gridinsoft.com/blogs/safari-cant-establish-secure-connection-how-to-fix/#respond Thu, 20 Oct 2022 16:59:40 +0000 https://gridinsoft.com/blogs/?p=11236 The “Safari Can’t Establish a Secure Connection” error message appears when browsing the web on a Mac. It may be met by anyone during their daily routine browsing. These messages often state that Safari has been unable to connect to the server securely. There are multiple reasons why many people encounter this error message in… Continue reading Safari Can’t Establish a Secure Connection Error

The post Safari Can’t Establish a Secure Connection Error appeared first on Gridinsoft Blog.

]]>
The “Safari Can’t Establish a Secure Connection” error message appears when browsing the web on a Mac. It may be met by anyone during their daily routine browsing. These messages often state that Safari has been unable to connect to the server securely. There are multiple reasons why many people encounter this error message in their Safari browser. This post will help you understand the issue and its common causes. It also explains several solutions that can remedy the situation.

What’s the “Safari Can’t Establish a Secure Connection to the Server” Error?

Apple devices come with a security feature that ensures they’re safe and secure while browsing the web. This makes Apple computers one of the safest options for using the Internet.

This is why Safari, the browser that this website was originally intended to be viewed in, sometimes blocks users from accessing a website that it believes isn’t secure. When this happens, the error message displayed will typically state Safari Cannot Open the Page Cannot Establish a Secure Connection.” Error notifications may include different wordings and may appear in any format. As an example, the image above shows a notification that reads “Safari Can’t Open This Page.”

Related Content for Users:
Many problems with the Internet and downloading can be triggered by the problem of the computer freezing. How to prevent PC crashes randomly?

Such notification may appear when you are visiting the site with an SSL certificate expired and an unsecure connection. It means the browser doesn’t trust the encrypted data on the site and also indicates that Safari could not successfully access and verify the information. This can happen if a site doesn’t have its SSL certificate configured properly. It’s important to use Secure Socket Layer (SSL) and the SSH protocol on websites these days. This is especially true for any websites hosting sensitive data such as a WooCommerce store.

What Causes “Safari Can’t Establish a Secure Connection to the Server” Error?

This error message is usually due to one of two reasons: the website you’re trying to access isn’t secure enough or Safari can’t verify that it is.

To properly fix the “Unable to establish a secure connection” problem and solve it, you need to understand why the site is considered unsecured. Sometimes you may not know what the root cause of a problem is until you investigate different possible solutions.

Several common third-party extensions and add-ons cause the error “Safari cannot establish a secure connection to the server”. This error can occur if you have one of these extensions or add-ins installed. Even a minor error can cause “No secure connection to the server” problems. However, it may be something more complicated, like the version of the Internet protocol you use. The most common reason for the error is the expiration of the SSL site certificate.

How To Fix the “Safari Could Not Establish a Secure Connection to the Server” Error (6 Solutions)

Now that we know what the problem is, and its causes, then we can look at a few ways to fix it. With these tips, you can forget about this bug in your browser.

1. Clear Your Browser Data

Every time you visit a browser, Safari saves some of your data in cookies and caches in your browser. If this data contains outdated data that relates to site encryption or SSL, then this may be the reason for the error message. So to fix the “Safari Cannot Establish Secure Connection to the Server” problem, you should first clear the cache. Then, tap on Preferences > Privacy, then choose Remove All Website Data.

Clear cache to deal with Safari Can’t Establish a Secure Connection error
Clear the browser cache in Safari

After you have uploaded, you can choose which sites you want to delete the data from. When you finish, click the Done button at the bottom of the screen. After that, to clear your entire browsing history, you can navigate to Safari > History > Clear History.

Clear history to remove Safari Can’t Establish a Secure Connection error

When you are finished, try visiting the site where the error was displayed. If the error has not disappeared, go to the next solution.

2. Check Your Device’s Date and Time

As odd as it may seem, if your Mac device displays an incorrect date and time, it can sometimes cause problems with Safari. Therefore, it is very important to make sure your time zone and date are set correctly.

To do it, you can tap on the Apple icon, then navigate to System Preferences > Date & Time.

Set the proper date to eliminate Safari Can’t Establish a Secure Connection error
Find the date and time option in the preferences

After that, you can confirm that you’re using the right date and time.

Set date and time
Confirm that you are using the correct date and time

You can also have your device automatically sync to your current location on the Time Zone tab. Once done, you can close the window and try accessing the site again.

3. Change Your DNS Settings

If the error persists, you should check your DNS (Domain Name Server) settings. In short, your DNS is like a phone book, allowing devices and websites to access each other. Safari uses your DNS settings to connect to websites.

If there is a problem with your DNS settings, you may see the “Safari cannot open page secure connection” message. To see if this is the case (and fix it), you can try changing your DNS address. For example, you can use Google’s public DNS. Go to Apple > System Preferences > Network.

Network options
Find the network option in the preferences

From this window, choose your connection, then tap on the Advanced tab, followed by DNS. Next, click on the (+) icon next to IPv4 or IPv6 addresses.

DNS settings macOS
Click on the DNS tab

After that you can enter the new DNS IP addresses. For example, if you want to use Google’s Public DNS, you can type “8.8.8.8” and “8.8.4.4”.

Change DNS settings to remove Safari Can’t Establish a Secure Connection error
Enter the new DNS IP addresses

When you’re finished, tap on the OK button. Recheck the website to see if this process deleted the error message.

4. Uninstall or Disable Your Browser Extensions

As mentioned earlier, extensions or add-ons in your browser can interfere with Safari’s ability to securely connect to websites. This is sometimes common with antivirus programs and security-related extensions.

So, in the next step, try disabling all browser extensions. You can do this by opening Safari, then navigating to Preferences and clicking the Extensions tab.

Disable browser extensions Safari
Disable or uninstall browser extensions

A list of your extensions will appear in the left column. You can disable an add-on by clicking the check mark next to its name.

Once done, try accessing the site again. If this fixes the “Cannot secure connection to server” problem, you need to determine which extension is to blame. You can do this by systematically activating each plugin and visiting the website each time.

5. Disable IPv6

Internet Protocol (IP) is a set of rules that govern how data moves across the Internet. IPv6 is a newer protocol version. However, some websites still use the old version of IPv4. If this is the case, you may see the “Safari cannot establish a secure connection” message.

So you can try disabling IPv6 on your network. To do this, navigate to System Preferences > Network again, then click your network connection, then click the Advanced button.

On the TCP/IP tab, click the drop-down menu under Configure IPv6 and select Manual.

IPv6 configurations macOS
Configure IPv6 and select Manually

When done, click the OK button. If IPv6 is the problem, this should do the trick. If not, you can try the last solution.

6. Make Sure Keychain Trusts the Certificate

We’ve already mentioned that sometimes Safari may display a connection error message if it cannot verify the validity of a website’s SSL certificate. If this is the case, you can fix this by configuring the settings in the macOS Keychain Access app.

Keychain Access is an application that stores your passwords, account information, and application certificates. It protects your data and can control which websites your device trusts. So you can tell it to accept SSL certificates for websites in the future.

To do this, go to the website that displayed the error message, then click the lock icon to the left of the address bar, then click View/View Certificate > Details.

Check cert trust Keychain
Check if Keychain trusts the certificate

With the details pane expanded, click Ctrl + Spacebar. The Spotlight search bar will appear in the upper right corner of the screen. In the search box, enter "keychain".

Then click the system root directory on the left. Find the website’s certificate. Once you find it, go to the “Trust” section. Then click the drop-down menu next to the “When using this certificate” section and select “Always Trust”:

Change certificate trust settings
Select the “Always Trust” option

That’s it! You should now be able to successfully access the website without the “Safari Cannot Open the Page Secure Connection” error.

Safari Can’t Establish a Secure Connection Error

The post Safari Can’t Establish a Secure Connection Error appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/safari-cant-establish-secure-connection-how-to-fix/feed/ 0 11236
Google says that a quarter of all 0-day vulnerabilities are new variations of old problems https://gridinsoft.com/blogs/google-says-that-a-quarter-of-all-0-day-vulnerabilities-are-new-variations-of-old-problems/ https://gridinsoft.com/blogs/google-says-that-a-quarter-of-all-0-day-vulnerabilities-are-new-variations-of-old-problems/#respond Thu, 04 Feb 2021 16:26:57 +0000 https://blog.gridinsoft.com/?p=5069 Google analysts studied the 0-day vulnerabilities they discovered in 2020, and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches. The authors of the report write that many problems could have been avoided if the developers immediately corrected their products more thoroughly. In 2020,… Continue reading Google says that a quarter of all 0-day vulnerabilities are new variations of old problems

The post Google says that a quarter of all 0-day vulnerabilities are new variations of old problems appeared first on Gridinsoft Blog.

]]>
Google analysts studied the 0-day vulnerabilities they discovered in 2020, and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches.

The authors of the report write that many problems could have been avoided if the developers immediately corrected their products more thoroughly.

In 2020, thanks to the work of the Google Project Zero team, were identified 24 zero-day vulnerabilities, which were actively exploited by hackers. Six of them (in Chrome, Firefox, Internet Explorer, Safari and Windows) turned out to be new versions of previously known vulnerabilities. Supposedly, attackers carefully studied the old bug reports, figured out the original problems, and then created new versions of exploits for them.

Google on 0-day vulnerabilities

In some exploits, it was enough to change one or two lines of code to get a new working exploit for a zero-day vulnerability.say the experts.

In addition, three other issues that were discovered last year and affected Chrome, Internet Explorer and Windows were not fully fixed, that is, they eventually required additional patches. In fact, if hackers carefully studied the released fixes, they could discover a way to allow them to continue exploiting bugs and attacks.

Google on 0-day vulnerabilities

Google Project Zero experts advise their colleagues to analyze 0-day vulnerabilities deeper and learn to work with such problems. Once the Google Project Zero team was created specifically to search and research zero-day vulnerabilities, and now its experts say that 0-day bugs are a kind of “window” that allows looking into the heads of attackers, learn as much as possible about possible attack vectors , classes of problems and how to deal with them.

When 0-day exploits are detected in-the-wild, it’s the failure case for an attacker. It’s a gift for us security defenders to learn as much as we can and take actions to ensure that that vector can’t be used again. The goal is to force attackers to start from scratch each time we detect one of their exploits: they’re forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, they must develop a brand new exploitation method. To do that, we need correct and comprehensive fixes.told Google Project Zero experts.

Let me remind you that in the fall Google Project Zero discovered a 0-day vulnerability in the Windows kernel.

The post Google says that a quarter of all 0-day vulnerabilities are new variations of old problems appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/google-says-that-a-quarter-of-all-0-day-vulnerabilities-are-new-variations-of-old-problems/feed/ 0 5069
Vulnerabilities allowed access to cameras on Mac, iPhone and iPad https://gridinsoft.com/blogs/vulnerabilities-allowed-access-to-cameras-on-mac-iphone-and-ipad/ https://gridinsoft.com/blogs/vulnerabilities-allowed-access-to-cameras-on-mac-iphone-and-ipad/#respond Mon, 06 Apr 2020 16:19:21 +0000 https://blog.gridinsoft.com/?p=3644 Apple paid $75,000 to the IS researcher Ryan Pickren in the frameworks of the bug bounty program for vulnerabilities in Safari, due to which it was possible to access someone else’s cameras on Mac, iPhone and iPad, simply by directing a person to a special site. In total, Picren discovered seven vulnerabilities in the Apple… Continue reading Vulnerabilities allowed access to cameras on Mac, iPhone and iPad

The post Vulnerabilities allowed access to cameras on Mac, iPhone and iPad appeared first on Gridinsoft Blog.

]]>
Apple paid $75,000 to the IS researcher Ryan Pickren in the frameworks of the bug bounty program for vulnerabilities in Safari, due to which it was possible to access someone else’s cameras on Mac, iPhone and iPad, simply by directing a person to a special site.

In total, Picren discovered seven vulnerabilities in the Apple browser and the Webkit browser engine (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784 , CVE-2020-9787), three of which can be linked together and used to track users through the camera and microphone on an iPhone, iPad or Mac.

For such an attack, just a little is required: for the victim to enter a malicious site. No other interaction is required, and a malicious site can pretend to be a popular legitimate resource and abuse the permissions that the victim would grant only to a trusted domain.

“If a malicious site needs to access the camera, all that it needs to mask itself as a reliable site for video conferencing, such as Skype or Zoom”, — the researcher notes.

Corrections for bugs found by the specialist were released as part of Safari 13.0.5 (release dated January 28, 2020) and Safari 13.1 (release dated March 24, 2020).

Picren explains that Safari creates access to devices that require specific permissions (such as camera, microphone, location, and so on) for each individual site. This allows individual sites, such as the official Skype site, to access the camera without asking for user permission with each start.

In iOS, there are exceptions to this rule: if third-party applications must require user’s consent to access the camera, then Safari can access the camera or photo gallery without any permissions.

Access to cameras on Mac and iPhone

Exploitation of the problems became possible due to the way the browser parses URL schemes and processes the security settings for each site. In this case, the researcher’s method works only with sites already open in the browser.

“The most important fact is that the URL scheme is completely ignored,” the expert writes. – This is a problem, as some schemes do not contain a meaningful host name at all, for example file:, javascript: or data:. Simply, the error makes Safari think that the malicious site is actually trusted one. This is due to exploitation of a number of shortcomings (how the browser parses the URI, manages the web origin and initializes the secure context).”

In fact, Safari cannot verify that the sites adhered to Same Origin policies, thereby granting access to another site that should not have been granted permission at all. As a result, the site https://example.com and its malicious counterpart fake://example.com may have the same permissions. Therefore, you can use file: URI (for example, file:///path/to/file/index.html) to trick the browser and change the domain using JavaScript.

“Safari believes we are on skype.com and I can download some kind of malicious JavaScript. Camera, Screen Sharing microphone will be compromised after opening my local HTML file”, — Ryan Pickren writes.

Similarly works the blob URL: (for example, blob://skype.com) can be used to run arbitrary JavaScript code, using it to directly access the victim’s webcam without permission.

Even worse, the study showed that unencrypted passwords can be stolen in the same way, since Safari uses the same approach to detect sites that require automatic password completion.

PoC exploits and a demonstration of the attacks described are available on the specialist blog.

I should also remind you that recently researcher remotely hacked iPhone using only one vulnerability.

The post Vulnerabilities allowed access to cameras on Mac, iPhone and iPad appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/vulnerabilities-allowed-access-to-cameras-on-mac-iphone-and-ipad/feed/ 0 3644