Apple Safari: Vulnerability allowed third parties to access the cameras
A security vulnerability in Apple's Safari browser allowed third parties to use a trick to access the camera on both the iPhone and Mac. However, Apple has already patched this gap. The problems go back to very old bugs in WebKit, which previously would not have played a major role, but are only now becoming more interesting for criminals.
To achieve access, three Safari bugs had to be exploited in succession. In order to undermine the process, Apple distributed corresponding updates in January and March 2020. Previously, it would have been sufficient if a person concerned had clicked on a special link for the hacker to gain access to the camera on the Apple device. The scheme was able to work because Safari encourages users to permanently create shares for certain websites – such as Skype. If a site pretended that it was, for example, Skype, the same access rights were granted – for example, to the microphone and camera.
Attackers were able to take advantage of this, as Safari treated URL variants as one site in the releases – this allowed attackers to create alleged modifications. Thus one could circumvent the safety mechanisms of safaris by specifying a supposedly serious site – sent.
Fortunately, this stitch is no longer working. For you, as always, the advice: Make sure to keep your software, in this case Safari, up to date.