Apple's operating systems, and iOS in particular, is generally regarded as a platform with far lesser security issues than Google's Android, or Microsoft's Windows. Recently, independent cyber security researcher Ryan Pickren managed to recreate a vulnerability in iOS and macOS through Apple's Safari web browser, which could have allowed any malicious attacker to hack into the iPhone's front cameras, thereby causing a serious security breach. Fortunately, the vulnerability was discovered by Pickren and disclosed to Apple, who awarded him with a $75,000 prize in line with the company's bug bounty programme.
The vulnerability existed in the Safari and Webkit browser codes in iOS, which enabled attackers to bypass iOS' generally tight restrictions for access of camera by third party processes. In other words, no random website could typically gain access to the iPhone cameras, unless it was explicitly trusted and allowed by a user. However, a total of seven vulnerabilities in the Safari source code so far allowed attackers to trick the browser into thinking that a malicious site was actually a trusted video calling service such as Skype (as demonstrated by the attacker), or even Zoom (which, incidentally, is facing plenty of privacy-related heat itself).
All it took for attackers, as seen in Pickren's proof of concept of the vulnerability, was for attackers to have convinced a user into clicking on a malicious link. No further user permission was required in order to switch on the camera. More alarmingly, Pickren's work reveals that any JavaScript capable of creating a popup on a webpage could have created this breach, hence creating the serious threat that even a malicious ad code in a legitimate URL could have accessed the device camera without authorisation. The flaw is also said to have affected Safari on Mac.
It is not quite clear if the attackers may have continued to have access to user cameras if the Safari app was closed and the background processes for the app was ended. Nevertheless, the flaw in question has now been patched by Apple, and the fix was likely part of one of the regular security and maintenance updates that users would have received in recent times. The full proof of concept and technical demonstration of the issue has been detailed by Pickren in his blog, which can be read here.
Comments
0 comment