Apple has rewarded a security researcher $75,000 bug bounty after he discovered Apple Safari vulnerability and macOS camera vulnerability; the flaw would allow attackers to hijack the camera and microphone on any iPhone or Mac computer.
Ryan Pickren, an ethical hacker, disclosed seven vulnerabilities in Apple’s Safari browser; three of which could have been exploited to spy on users. To exploit the flaws in a real-world attack, all an attacker would need to do is urge a victim to click one malicious link. He was able to do that by combining together three different vulnerabilities in Desktop and Mobile Safari that would allow a site to impersonate another trusted site and trick Safari into handing over control to the computer’s webcam and microphone.
“Imagine you are on a popular website when all of a sudden an ad banner hijacks your camera and microphone to spy on you. That is exactly what this vulnerability would have allowed. This vulnerability allowed malicious websites to masquerade as trusted websites when viewed on Desktop Safari (like on Mac computers) or Mobile Safari (like on iPhones or iPads),” Pickren stated in an analysis of the vulnerabilities.
The list of Apple Safari zero-day vulnerabilities
Pickren had reported the seven flaws back in December 2019 as part of Apple’s bug-bounty program.
By clicking on the AA button in Safari’s address bar or the Website’s settings in Safari Desktop, a website can be permanently allowed to access a device’s camera and become a trusted site.
Can websites utilize Safari’s permissions?
New web technologies allow certain websites to utilize Safari’s permissions to access the camera directly. Pickren said that this feature is great for web-based video-conferencing apps such as Skype or Zoom. But it undermines the OS’s native-camera security model.
To prevent exploitation, users can force websites to ask each time they want access to the camera rather than saving the preference.
Pickren stated that he “.. really enjoyed working with the Apple product security team when reporting these issues. The new bounty program is going to help secure products and protect customers. I’m really excited that Apple embraced the help of the security research community.”
In other news, Apple recently updated its Safari app to block all third-party cookies.