A cyber security student demonstrated how hacking Apple’s Mac cameras can render devices completely vulnerable to hackers, earning him $100,500 from the company’s bug bounty program.
Ryan Pickren, who previously uncovered a camera weakness in the iPhone and Mac, has received what is thought to be Apple’s greatest bug bounty payout. According to Pickren, the new webcam vulnerability was related to a series of Safari and iCloud issues that Apple has since resolved. A rogue website may use these issues to conduct an attack before they were corrected.
Pickren outlines in detail how the exploit would grant the attacker full access to all web-based accounts, including iCloud and PayPal, as well as the ability to use the microphone, camera, and screensharing. However, if the camera is used, the camera’s standard green light will turn on.
According to Pickren, the same hack would allow an attacker to get complete access to a device’s whole filesystem. It would do so by taking use of Safari’s “webarchive” files, which are used to keep local copies of websites in the browser.
Pickren notes, “A shocking characteristic of these files is that they identify the web origin in which the material should be presented.” “While this is a fantastic method for allowing Safari to reconstruct the context of a stored page, as the Metasploit writers pointed out in 2013, if an attacker can edit this file in any way, they can practically achieve UXSS [universal cross-site scripting] by design.b”A user must first download and then open a webarchive file. According to Pickren, this meant that when Apple first implemented Safari’s webarchive, it did not consider this a realistic hack scenario. “To be fair, this decision was made nearly a decade ago, when the browser security paradigm wasn’t nearly as advanced as it is now,” Pickren explains.
He said, “Prior to Safari 13, no warnings were ever presented to the user before a website downloaded arbitrary files.” “It was therefore simple to place the webarchive file.”Apple hasn’t commented on the flaw, and it’s unclear whether it’s been actively abused. Pickren, on the other hand, was paid $100,500 from Apple’s bug bounty program, which is $500 more than previously reported payouts.
The corporation publishes a list of maximum sums each category of security issue reported, and the bug bounty program can officially reward up to $1 million. There is no compulsion for security experts to reveal how much they have been paid in public.
As a result, it’s possible that Apple has paid out more than $100,500 to Pickren. However, the corporation has been chastised in the past for paying less than its stated maximums and being reluctant to fix reported faults.