A white-hat hacker used a series of three vulnerabilities that he found could hijack iPhone cameras. The same method will work on Macs even with the cameras.
In December last year, Ryan Pickren disclosed the vulnerabilities to Apple. In January, the company fixed the most serious of them, and last month, the others.
The strategy relied on an exception to Apps ‘normal privacy requirement to request camera or microphone access permission …
Forbes states that the exception was Apple’s own apps— including Safari.
Pickren identified a total of seven zero-day vulnerabilities, and was able to combine three to gain access to iPhone cameras and microphones.
The hacker disclosed the bugs to Apple, and was praised for receiving a $75,000 bug bounty reward.
A fellow security researcher said it’s surprising hackers for this form of attack have not focused more on mobile devices. Of special interest would be the ability to hijack iPhone cameras, he said.