Documented exploits are now available that chain multiple vulnerabilities in the Safari web browser on iOS and OSX to access webcam and audio without normal user consent alerts. This vulnerability is in Apple Safari and is not known to impact other browsers.
Central IT strongly recommends expeditious remediation of vulnerable systems.
Vulnerability
- https://www.wired.com/story/hacker-apple-safari-webcam-bug/
- https://mashable.com/article/apple-safari-bug-camera-mic-takeover/
Affected Versions
- Apple Safari on all iPhone, iPad, and OSX devices are impacted.
Remediation
- Update the Safari browser to version 13.1 or newer by downloading and installing the most recent operating system patch (iOS or OSX):
- For systems where the patch cannot be deployed, please disable the webcam and microphone until you are able to patch. Steps for this workaround vary by operating system version and device; please refer to https://support.apple.com/ for additional guidance.
Please direct questions to the IT Support Center at askIT@udel.edu or (302)831-6000.