- The flaw was detected by security researcher Ryan Pickren
- The flaw gave remote access to hackers to Apple devices using Safari browser
- It has since been fixed by Apple via a security patch
Apple's Safari browser has a history of security vulnerabilities, and now a new one has been detected -- and since been patched up. This is because a security researcher had found a flaw in the Safari browser that could have possibly allowed hackers to hijacking the camera and microphone on their iOS and macOS devices.
The flaw was detected by security researcher Ryan Pickren who has published an account of how he found the vulnerabilities, which allowed malicious websites to masquerade as trusted websites" when viewed on iPhones, iPads and Mac devices using Apple's Safari browser.
As per the researcher, Hackers could then use their fraudulent identity to invade users' privacy. This worked because Apple lets users permanently save their security settings on a per-website basis... If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom.
Luckily for a lot of us, the researcher went to Apple with his findings in December 2019 after which the tech giant patched the vulnerabilities in January and March. Pickren said that he reported the flaws (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, and CVE-2020-9787) as part of Apple's bug-bounty program (which was made public to the research community in December) -- winning the researcher $75,000.
The repotrt about the flaw comes shortly after we read concerning news of Zoom zero-day flaws on macOS. As per reports, the Zoom flaw gave local, unprivileged attackers root privileges which allowed them access to victims' microphone and camera.