A threat researcher has reportedly found a severe flaw in the Safari web browser for iPhones and macOS running devices. The flaw could let a hacker intrude into your device and hijack the camera and microphone without authentication. Apple's home-brewed web browser Safari allows its users to save their device authentication choices according to each website. For instance, you can let a particular site, say Skype, to access your device camera and microphone to let you connect to someone via Safari. This feature can help an intruder to design a malicious website to exploit the Skype authentication to turn on the camera to take your picture or snoop into your device microphone to overhear your activities.
The threat researcher called Ryan Pickren has reportedly explained that Safari lets various URLs to use the access granted by the user. For example, if a user gives access to its camera and microphone to a URL https://www.xyz.com, all URLs carrying Xyz.com would be able to access the authentication. The feature can be exploited by a hacker by developing a fake://xyz.com and enjoy the same authentication without asking the user, resulting in unlimited access to the device. Karen has explained that these bugs were existing in Apple Safari for years until he brought seven such bugs to the notice of Apple in December 2019. Accepting the flaw, Apple has released a bug bounty for Pickren worth $75,000 as part of its bug bounty program.
Apple has already fixed the flaw
Apple has already fixed such flaws in all its operating systems through updates in January and March 2020. If you are using any Apple device and have already installed the updates, you are safe from any such attacks. If you're still considering whether to upgrade your device or not, this is the time to update your devices to remain safe online.