Security experts have fun weak spots in Apples Safari browser that could be used to spy owners of apple products. The microphone and camera in the Ipad, Iphone, and Mac were all compromised according to researchers, all an attacker would need is for you to click on a malicious link and they would have access to you. Luckily thanks to Apples Bug Bounty program the flaw was found and a hacker who discovered the flaw was the recipient of a $75,000 check.

There were seven flaws total in safari, 3 of those were used for the ability to hijack victims webcams. Normally each app must ask for permission to access someone’s devices, however Apples own apps do not require this function. To make matters worse new technologies have been emerging and gaining more of a foothold in our lives do to the corona virus like Skype and Zoom. These platforms utilizes safaris permission to access your device without having to ask for the users permission first. For an attacker to take advantage of these systems they would make a Fake URL that tricks safari into thinking the hacker controlled site is “secure”. Safari then gives the attacker complete permission to access the webcam via MediaDevices Web API.

Apple patched the web came vulnerabilities in a January update and the other remaining flaws in March. The discloser came out after last week two Zoom flaws in the macOS web conferencing platform were discovered.  

Image: https://www.macobserver.com/columns-opinions/devils-advocate/apple-security/

Article: https://threatpost.com/apple-safari-flaws-webcam-access/154476/