Security architect and hacker Ryan Pickren discovered seven zero-day vulnerabilities in Safari and was able to build a kill chain using only three of them to hack the iPhone camera. The vulnerabilities also affected the MacBook’s camera.
In December 2019, Pickren decided to dig into Safari for iOS and macOS and “hammer the browser with obscure corner cases” in the hope of finding some odd behavior. He focused especially on the camera model, which, in spite of being “quite extreme,” had some security caveats.
“To cut a very long and technical story short: Pickren found a total of seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787) of which three could be used in the camera hacking kill chain. The vulnerabilities involved the way that Safari parsed Uniform Resource Identifiers, managed web origins and initialized secure contexts. Yes, this involved tricking a user into visiting a malicious website. Still, that website could then directly access the camera provided it had previously trusted a video conferencing site such as Zoom, for example.”
Pickren disclosed the issues to Apple in mid-December through the company’s Bug Bounty program. Apple confirmed all seven bugs and shipped a fix for the three-bug camera kill chain in the Safari 13.0.5 update, which was released on January 28. The remaining four vulnerabilities were less serious and were fixed by Apple in the Safari 13.1 release on March 24. Apple paid Pickren $75,000 for finding these vulnerabilities.
“I really enjoyed working with the Apple product security team when reporting these issues,” Pickren told Forbes, “the new bounty program is absolutely going to help secure products and protect customers. I’m really excited that Apple embraced the help of the security research community.”
As Pickren himself puts it, the most significant takeaway from these security vulnerabilities is that “users ought to never feel totally certain that their camera is secure” regardless of which OS or device they are using.