Even while having a great name for security, Apple has been a little disappointing for its users; the reason of which has been its Safari browser.
Very recently, a security researcher brought in light, a way how an attacker could exploit three Safari bugs in succession and acquire a target’s webcam and microphone on iOS and macOS devices.
“Safari encourages users to save their preferences for site permissions, like whether to trust Skype with microphone and camera access,” says Ryan Pickren, the security researcher who opened about the vulnerabilities to Apple.
“So what an attacker could do with this kill chain is create a malicious website that from Safari’s vision could then turn into ‘Skype’. And then the malicious site will have all the access that you previously granted to Skype, which means an attacker could just begin getting pictures of you or turn on your microphone or even screen-share,” he further added.
“I just kind of hammered the browser with really weird cases until Safari got confused and gave an origin that didn’t make sense,” he states. “And eventually the bugs could all kind of bounce from one to the next. Part of this is that some of the bugs were old flaws in the WebKit core from years ago. They probably were not as dangerous as they are now just because the stars lined up on how an attacker would use them today.”
Pickren submitted seven vulnerabilities to Apple’s bug bounty program in mid-December and says he got a response that the company had validated the bugs the next day.
While an attacker would only destroy three of the bugs to take over webcams in the chain Pickren envisioned, he got other, related flaws along the way that he submitted too. Pickren says that part of the reason he encountered so many extra bugs was that he was looking for an attack chain that would work on both iOS and macOS—and Safari is designed slightly differently for each.
Apple widened its bug bounty initiative in December to accept vulnerabilities across more of its products and services.