Apple pays $100,500 to student who discovered Mac webcam vulnerability | Technodaily

Ryan Pickren, a cyber security student was awarded $100,500 (around 75 lakhs) as a bounty, after he showed Apple how a vulnerability allows hackers to gain unauthorized access to webcams on Macs.

  Pickren said in a blog post that this could be achieved by exploiting a series of issues with iCloud Sharing and Safari 15. 

It should be noted that these vulnerabilities were fixed by Apple last year as Wired notes.

Typically, researchers reveal the exploits after the company has fixed the issue, which explains why Pickren is posting about this now. The reason is to ensure that the flaw is patched before cybercriminals can start exploiting it.

“The bug gives the attacker full access to every website ever visited by the victim. That means in addition to turning on your camera, my bug can also hack your iCloud, PayPal, Facebook, Gmail, etc. accounts too,” he wrote.

According to Pickren, the hack would ultimately mean that an attacker could gain full access to a device’s entire filesystem. This would be possible by exploiting Safari’s “web archive” files. Webarchive is a web-created file format used by Safari web browser. It contains HTML, images, sound, and video from web pages previously visited.

“A startling feature of these files is that they specify the web origin that the content should be rendered in,” said Pickren. “Until recently, no warnings were even displayed to the user before a website downloaded arbitrary files. So planting the web archive file was easy,” he continued.

However, now with Safari 13+, users are prompted before each download

It should be noted that Apple does not confirm these vulnerabilities as such. It only mentions the security fix in software. But Pickren is credited for a software flaw in macOS Catalina for December 2021. The flaw is mentioned as “A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.” He is also mentioned in an October 2021 security update. The flaw is described as “A malicious application may bypass Gatekeeper checks.”

For the uninitiated, Apple’s bug bounty program offers $100,000 for attacks that gain “unauthorized access to sensitive data.” Apple defines sensitive data as access to contacts, mail, messages, notes, photos, or location data.

Earlier, in May 2021, Apple AirTag was exploited by hackers to modify the firmware of the device. Apple had released the AirTag to help people keep track of their misplaced items. The Bluetooth-enabled tracker by Apple has reportedly been hacked by a German cybersecurity researcher as per a Tweet which is a first for the device. The researcher used reverse-engineering on the AirTag’s microcontroller to hack it.