Camera vulnerability discovered in Safari

Avatar for Mihnea Bondor
apple safari
London, UK – July 31, 2018: The buttons of the Apple internet browser app Safari, surrounded by Firefox, Firefox Focus, News and other apps on the screen of an iPhone.

As pointed out by Ryan Pickren on his blog, a vulnerability inside Safari allowed websites to access the iPhone’s cameras without users knowledge.

Beside this, the vulnerability also allowed malicious website to sneak and pretend to be trusted website on Desktop View inside Safari on Mac, iOS and iPadOS.

Even worse, on a secure website, there might also be advertisements that could exploit users’ privacy or hackers to use their “fraudulent identity” to invade and steal personal datas.

This security flaw was possible because the default settings were set to be allow trusted websites to access camera and microphone without a manual permission that had to be granted by the user, therefore, the malicious websites has to be disguised as video-conferencing websites such as Skype and Zoom, and the users wouldn’t be aware of that.

Apple has offered a reward of $75,000 for leaking the vulnerability to them, as long as he reported it and found it that in falls into the “Network Attack without User Interaction: Zero-Click Unauthorized Access to Sensitive Data” category, which Apple usually offers bounties for on the developer website.

Camera vulnerability discovered in Safari.        Camera vulnerability discovered in Safari.

Total
0
Shares
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Related Posts