Apple's operating systems, and iOS in particular, are generally regarded as platforms with far fewer security issues than Google's Android or Microsoft's Windows. Recently, independent cyber security researcher Ryan Pickren managed to recreate a vulnerability in iOS and macOS through Apple's Safari web browser, which could have allowed any malicious attacker to hack into the iPhone's front cameras, thereby causing a serious security breach. Fortunately, the vulnerability was discovered by Pickren and disclosed to Apple, which awarded him a $75,000 prize in line with the company's bug bounty programme.
The vulnerability existed in the Safari and WebKit browser code in iOS, and enabled attackers to bypass iOS' generally tight restrictions on camera access by third-party processes. In other words, no random website could typically gain access to the iPhone cameras unless it was explicitly trusted and allowed by a user. However, a total of seven vulnerabilities in the Safari source code had so far allowed attackers to trick the browser into thinking that a malicious site was actually a trusted video calling service such as Skype (as demonstrated by the attacker), or even Zoom (which, incidentally, is facing plenty of privacy-related heat itself).
It is not quite clear whether attackers could have continued to access user cameras after the Safari app was closed and the background processes for the app were ended. Nevertheless, the flaw in question has now been patched by Apple, and the fix was likely part of one of the regular security and maintenance updates that users would have received in recent times. The full proof of concept and technical demonstration of the issue has been detailed by Pickren in his blog.