Apple Safari Flaws Enable One-Click Webcam Access

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,148
Content source
https://threatpost.com/apple-safari-flaws-webcam-access/154476/
A security researcher has disclosed vulnerabilities in Apple’s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link.

Security researcher Ryan Pickren has revealed details on seven flaws in Safari, including three that could be used in a kill chain to access victims’ webcams. The vulnerabilities were previously submitted to Apple via its bug-bounty program and have been patched – however, technical details of the flaws, including a proof of concept (PoC) attack, were kept under wraps until Pickren’s recent disclosure.

“Imagine you are on a popular website when all of a sudden an ad banner hijacks your camera and microphone to spy on you. That is exactly what this vulnerability would have allowed,” said Pickren, in an analysis of the vulnerabilities last week. ”This vulnerability allowed malicious websites to masquerade as trusted websites when viewed on the desktop version of Safari (like on Mac computers) or mobile Safari (like on iPhones or iPads).”
Click to expand...
Apple patched the webcam vulnerabilities in a January 28 update (for Safari version 13.0.5) and the remaining four flaws were patched in March. Threatpost has reached out to Apple for further comment.
Click to expand...
 
  • Like
  • +Reputation
Reactions: Gandalf_The_Grey, Outpost, stefanos and 7 others
Antus67

Antus67

Level 9
Verified
Well-known
Nov 3, 2019
413
"Quote" To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link.
The members here at MalwareTips are smart enough not to fall for this.... exploit, especially from scuim cyber criminals
 
Last edited:
  • Like
Reactions: Protomartyr, silversurfer, Gandalf_The_Grey and 2 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Like
    • Applause
Security News Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
Replies
3
Views
1,099
Security News
Gandalf_The_Grey
Gandalf_The_Grey
[correlate]
    • Like
    • +Reputation
Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari
Replies
1
Views
1,114
News Archive
Trooper
Trooper
vtqhtr413
    • +Reputation
    • Like
Security News Apple fixes two new iOS zero-days exploited in attacks on iPhones
Replies
0
Views
1,051
Security News
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top