
How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera
2020-04-03 03:20

It turns out that merely visiting a website using the Safari browser, whether a malicious site or a legitimate one unknowingly loading malicious ads, could have let remote attackers secretly access your device's camera, microphone, or location and, in some cases, saved passwords as well.

"If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom," Pickren said.

When chained together, three of the reported Safari flaws could have allowed malicious sites to impersonate any legitimate site a victim trusts and access the camera or microphone by abusing permissions that the victim had explicitly granted to the trusted domain only.

There are exceptions to this rule on iOS. While third-party apps must obtain the user's explicit consent to access the camera, Safari can access the camera or the photo gallery without any permission prompts.

Put another way, Safari failed to check if the websites adhered to the same-origin policy, thereby granting access to a different site that shouldn't have obtained permissions in the first place.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/TLOWwnt2GAc/hacking-iphone-macbook-camera.html