Apple fixed Safari bugs that allowed access to webcams and microphones on iPhone and Mac
14.04.2020 0 Comments
Information security researcher Ryan Picren described in detail vulnerabilities in the Safari browser that allowed attackers to gain unauthorized access to cameras and microphones on iOS and macOS devices.
It is noted that a specially created site can make Safari believe that the page has the same camera and microphone permissions that the user has already provided, for example, for Skype. An attacker would simply have to use a combination of specially crafted web addresses and scripts to implement the type of fraud known as bait and spoofing.
If successful, the attacker can safely record audio and video from the device and eavesdrop on victims. This can be a particularly serious problem now, when many people use webcams for remote meetings and classes during a pandemic of the coronavirus infection COVID-19.
Apple relatively quickly fixed these vulnerabilities in the Safari browser. Information about them was disclosed in December last year, and relevant updates appeared in January and March. At the same time, Picren noted that some of the patches touch on “really very old” errors in WebKit, and they come to the fore because of how hackers can use them in the modern era.