One of the concerns that many of us have with devices with built-in cameras and microphones, it would be whether or not these hardware features could be used to spy on us. This is why some people choose to tape over their microphones and cameras on their computers to prevent this from happening.That being said, it looks like something similar almost happened to iOS and macOS devices. This is according to security researcher Ryan Pickren, who discovered several flaws within Apple’s Safari browser which if exploited, would have allowed an attacker to take over the webcam and microphone of an iOS or macOS device and spy on the user.
According to Pickren, he claims that this has to do with Safari encouraging users to save preferences for site permissions. “So what an attacker could do with this kill chain is make a malicious website that from Safari’s perspective could then turn into ‘Skype’. And then the malicious site will have all the permissions that you previously granted to Skype, which means an attacker could just start taking pictures of you or turn on your microphone or even screen-share.”
Thankfully, it seems that Pickren reached out to Apple to inform them of these vulnerabilities, in which they have since been patched. Pickren was also awarded a cool $75,000 for his discovery under Apple’s expanded bug bounty program.
Filed in . Read more about Hack, iOS, macOS, Privacy, Safari and Security. Source: wired