Apple awarded $75,000 to a hacker who discovered flaws that allowed him to hack the cameras of iPhones and Macs. The ethical hacker is Ryan Pickren, a security researcher and former Amazon Web Services security engineer. According to Forbes, Mr. Pickren discovered about seven zero-day vulnerabilities in Apple's browser, Safari. Apple has now fixed these flaws.
Of these seven vulnerabilities, three could be used to hack the cameras of iOS and macOS devices.
To gain access to the device’s camera, the exploit required victims to visit a malicious website. The site could then access the device’s camera if the victim had previously trusted a video conferencing service like Zoom.
Pickren also published a blog post describing the technical details of the vulnerabilities. “Put simply – the bug tricked Apple into thinking a malicious website was actually a trusted one. It did this by exploiting a series of flaws in how Safari was parsing URIs, managing web origins, and initializing secure contexts,” the security researcher explained in his blog.
Pickren told Forbes, “A bug like this shows why users should never feel totally confident that their camera is secure, regardless of operating system or manufacturer.”
In mid-December 2019, Ryan disclosed the vulnerabilities in Safari to Apple. A few weeks after validating the seven vulnerabilities, Apple released a fix in January 2020 for the major exploit affecting the cameras of iPhone and Mac devices. The fix came in the Safari 13.0.5 update, which covered all prior flaws. The less harmful flaws were fixed later, in March 2020, with the Safari 13.1 update.
The security researcher, Ryan Pickren, was then awarded $75,000. Pickren said it was his first earning from Apple. He said that he enjoyed working with Apple and that the bounty program will cover all vulnerabilities and protect customers. Pickren said, “I really enjoyed working with the Apple product security team when reporting these issues. The new bounty program is absolutely going to help secure products and protect customers. I’m really excited that Apple embraced the help of the security research community.”