Serious Privacy Flaw in Safari Allows One-Click Webcam Access

Security researchers found vulnerabilities in Apple's Safari browser that can be used to spy on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, a hacker would only need to convince a victim to click one malicious link.

There are seven flaws in Safari, including three that could be used in a kill chain to access victims' webcams. The vulnerabilities were previously submitted to Apple via its bug-bounty program and have been patched. Normally, users must explicitly grant each app permission to access a device's camera and microphone, but Apple's own apps, including Safari, do not require this. New web technologies, including the MediaDevices Web API (an interface providing access to connected media input devices such as cameras and microphones, as well as screen sharing), allow certain websites to use Safari's permissions to access the camera directly. While this feature is great for web-based video-conferencing apps such as Skype or Zoom, this new web-based camera technology undermines the OS's native camera security model.


Apple patched the webcam vulnerabilities for Safari version 13.0.5 as well as the remaining four flaws. The white hat hacker who discovered the vulnerabilities received $75,000 from Apple's bug-bounty program.