Apple pays record $100,500 to student who detected Mac webcam hack

A cyber security student has shown Apple how a compromise of its Mac webcams can also leave the device entirely accessible to attackers, earning him $100,500 from the company’s bug bounty programme.

In what is believed to be Apple’s largest bug bounty payout to date, Ryan Pickren, who previously uncovered a camera vulnerability in the iPhone and Mac, received the reward.

According to Pickren, the new webcam vulnerability involves a series of issues in Safari and iCloud that he says Apple has already fixed. Before they were corrected, a rogue website could have chained these issues to conduct an attack.

According to Pickren’s characterization of the exploit, the attacker could gain access to all of the victim’s web-based accounts, including iCloud and PayPal, as well as the microphone, camera, and screen-sharing capabilities of the device. If the camera were used, though, its standard green indicator light would still come on as normal.

Pickren reports that the same attack chain would ultimately give an attacker complete access to the device’s entire filesystem. This would be accomplished by abusing Safari’s “webarchive” files, the format the browser uses to save local copies of websites.

Unusually, these files themselves declare the web origin in which their content should be rendered, according to Pickren’s analysis. Although this approach allows Safari to re-create the saved website’s environment, the Metasploit developers pointed out in 2013 that an attacker who could somehow edit this file would essentially achieve UXSS [universal cross-site scripting] by design.

To use a webarchive, a victim must first download it and then open it. According to Pickren, this is why Apple did not consider it a feasible attack scenario when it originally designed Safari’s webarchive format.
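As an added example that is not part of the article or of Pickren’s research, the following Python sketches the defender-side check the design above implies: parse a Safari .webarchive, read the origin its main resource claims, and compare it with the origin the file was actually obtained from. The plist key names follow Apple’s public webarchive layout; the sample archive and URLs are constructed inline for the demonstration.

```python
import plistlib
from urllib.parse import urlsplit


def origin_of(url):
    """Return the (scheme, host, port) tuple a browser treats as the origin of a URL."""
    p = urlsplit(url)
    default_port = {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), p.port or default_port)


def build_webarchive(main_url, html, subresources=()):
    """Construct a minimal webarchive (a binary plist) for the demonstration.

    Safari stores the page under WebMainResource and its assets under
    WebSubresources; the WebResourceURL of the main resource is what decides
    the origin the content is rendered in when the file is opened.
    """
    archive = {
        "WebMainResource": {
            "WebResourceURL": main_url,
            "WebResourceMIMEType": "text/html",
            "WebResourceTextEncodingName": "UTF-8",
            "WebResourceData": html.encode("utf-8"),
            "WebResourceFrameName": "",
        },
        "WebSubresources": [
            {"WebResourceURL": u, "WebResourceMIMEType": m, "WebResourceData": d}
            for (u, m, d) in subresources
        ],
    }
    return plistlib.dumps(archive, fmt=plistlib.FMT_BINARY)


def audit_webarchive(blob, downloaded_from):
    """Flag an archive whose claimed origin does not match where it came from."""
    archive = plistlib.loads(blob)
    main = archive["WebMainResource"]
    claimed = origin_of(main["WebResourceURL"])
    actual = origin_of(downloaded_from)
    findings = []
    if claimed != actual:
        findings.append(f"claims origin {claimed} but was fetched from {actual}")
    encoding = main.get("WebResourceTextEncodingName") or "utf-8"
    body = main["WebResourceData"].decode(encoding, "replace")
    if "<script" in body.lower():
        findings.append("main resource embeds script that would run in the claimed origin")
    for sub in archive.get("WebSubresources", []):
        if origin_of(sub["WebResourceURL"]) != claimed:
            findings.append(f"cross-origin subresource: {sub['WebResourceURL']}")
    return {"claimed_origin": claimed, "findings": findings}
```

A webarchive saved by the user from a site and opened later will report no findings; one that arrived from elsewhere but names a different origin is exactly the planted-file case the article describes.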

“Granted this decision was made about a decade ago, when the browser security model wasn’t nearly as mature as it is now,” explains Pickren.

Tightening security

“Prior to Safari 13, no warnings were ever presented to the user before a website downloaded random files,” he stated. “So planting the webarchive file was straightforward.”

According to reports, neither Apple nor anyone else has commented further on the vulnerability. But Apple has paid Pickren $100,500 from its bug bounty programme, $500 more than any previously disclosed payout.

According to the company, the bug bounty programme has a maximum payment of $1 million, and it publishes a list of the maximum amounts for each category of reported security vulnerability. Security researchers are not required to publicly reveal how much they have been paid.

As a result, it is possible that Apple has paid Pickren more than the $100,500 he was awarded. However, the company has been heavily criticised in the past for paying less than its own maximums and for being slow to remedy reported flaws.

Alex Hoffman-Ellis
