Apple Safari Flaws Enable One-Click Webcam Access

silversurfer · Apr 6, 2020

A security researcher has disclosed vulnerabilities in Apple’s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link.

Security researcher Ryan Pickren has revealed details on seven flaws in Safari, including three that could be used in a kill chain to access victims’ webcams. The vulnerabilities were previously submitted to Apple via its bug-bounty program and have been patched – however, technical details of the flaws, including a proof of concept (PoC) attack, were kept under wraps until Pickren’s recent disclosure.

“Imagine you are on a popular website when all of a sudden an ad banner hijacks your camera and microphone to spy on you. That is exactly what this vulnerability would have allowed,” said Pickren, in an analysis of the vulnerabilities last week. ”This vulnerability allowed malicious websites to masquerade as trusted websites when viewed on the desktop version of Safari (like on Mac computers) or mobile Safari (like on iPhones or iPads).”

Apple patched the webcam vulnerabilities in a January 28 update (for Safari version 13.0.5) and the remaining four flaws were patched in March. Threatpost has reached out to Apple for further comment.

Malware Man · Apr 6, 2020

Oh boy. This seems quite worrying as I now use all Apple products and my browser of choice is also Safari!

Hopefully Apple has it all taken care of.

Antus67 · Apr 6, 2020

"Quote" To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link.
The members here at MalwareTips are smart enough not to fall for this.... exploit, especially from scuim cyber criminals

SUPRA · Apr 6, 2020

Antus67 said:
"Quote" To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link.
The members here at MalwareTips are smart enough not to fall for this.... exploit, especially from scuim cyber criminals

Yes thanks to this community...

Spawn · Apr 7, 2020

Malware Man said:
Oh boy. This seems quite worrying as I now use all Apple products and my browser of choice is also Safari! Hopefully Apple has it all taken care of.

Apple patched the vulnerabilities in iOS 13.3.1 (January) and Safari 13.1 (March).

Search

Apple Safari Flaws Enable One-Click Webcam Access

silversurfer

Level 68

Malware Man

Level 9

Antus67

Level 9

SUPRA

Level 3

Spawn

Administrator

Similar threads