According to reports, recently patched bugs on Safari allowed hackers to take over users’ webcams and microphones on Apple iPhones, iPads, Macbooks, and Macs. The bugs were originally found by a security researcher named Ryan Pickren, who says when several of them are combined and sent as a link, it tricks the Safari browser into relinquishing control of the webcam and mic.
Wired reveals hackers were able to secretly launch the victim’s webcam and mic and use both to record video, audio, and create photos. The security researcher notes that the bugs date from “years ago” and have become far more dangerous than when they were created. Apple has since rewarded the researcher a $75,000 USD bug bounty and patched the bugs with its January and March updates. However, if users have yet to update their Apple products in January or March, they may still be vulnerable to the attack.
In other tech news, Apple’s iPhone 9 may release this April.
All a victim would have needed to do is click one malicious link and an attacker would have been able to spy on them remotely https://t.co/f3FztHBhqf
— WIRED (@WIRED) April 4, 2020
Story of $75,000 bug bounty : It uncovered seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), 3 of which were used in the kill chain to access the camera : https://t.co/dB33h84AdR pic.twitter.com/K5oIDlQ7Td
— Binni Shah (@binitamshah) April 3, 2020
Uh, not great. https://t.co/B0azMOTj1d
— Mashable UK (@MashableUK) April 6, 2020