Apple Safari Flaws Enable One-Click Webcam Access (April 2020)
To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link.
Security researcher Ryan Pickren has revealed details on seven flaws in Safari, including three that could be used in a kill chain to access victims' webcams.
With these issues in mind, Pickren discovered three vulnerabilities in the macOS and iOS versions of Safari 13.0.4, which eventually allowed him access to the webcam sans victim permission.
Safari would then give the attackers behind the link untethered permission to access the webcam via the MediaDevices Web API. "If a malicious website strung these issues together, it could use JavaScript to directly access the victim's webcam without asking for permission," he said in a technical walkthrough of the attack.
Apple patched the webcam vulnerabilities in a January 28 update, and the remaining four flaws were patched in March.
News URL
https://threatpost.com/apple-safari-flaws-webcam-access/154476/