Updated January 26th, 2022 at 14:43 IST

Apple pays $100,500 to cybersecurity student who found Mac webcam hack

Through his research, Ryan found out about the presence of four zero-day vulnerabilities in Apple macOS, two of which could be used to hack the users' camera.

Reported by: Shikhar Mehrotra
Image: ryanpickren.com

Apple has awarded Ryan Pickren $100,500 for reporting a bug involving iCloud Sharing and Safari 15. Pickren is a cybersecurity student who submitted his report to Apple last year, describing a bug that allowed malicious websites to access a user's web camera and web browsing history. Keep reading to learn more about the issue and how Pickren found the bug in Apple's software.

In his blog post, Ryan Pickren explains that his hack gained unauthorized camera access by exploiting multiple issues with iCloud Sharing and Safari 15. The proof-of-concept developed by Pickren requires the user to click open a popup from the test website, but it results in more than just multimedia permission hijacking: the bug can give an attacker full access to every website ever visited by the victim. To sum up, the bug allowed attackers to open users' cameras and access their personal information on sites such as iCloud, PayPal, Gmail, and more.

Ryan Pickren found four zero-day vulnerabilities

Through his research, Ryan Pickren found four zero-day vulnerabilities, two of which could be used to hack the user's camera. For reference, zero-day vulnerabilities are bugs that are exploited by attackers before the vendor knows about them. Pickren reported the bugs to Apple and was awarded a bounty of $100,500, which roughly translates to Rs. 75,30,600. The findings were submitted to Apple back in July 2021 and were fixed by the company earlier this month.

Generally, cybersecurity researchers reveal such vulnerabilities only after the respective companies have fixed them; otherwise, the information could be misused by threat actors. The time gap also gives companies room to fix the flaw before it is exploited. This is why Ryan has only now disclosed the issue he submitted to Apple. Interestingly, Apple has not confirmed or discussed the presence of these bugs at length.

Nevertheless, Pickren has been credited for highlighting a software flaw in macOS, in December 2021 and in October 2021. It is described as "A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions." For those catching up, Ryan has been awarded $100,500 as part of the bug bounty program run by Apple. Previously, a 27-year-old Indian developer, Bhavuk Jain, received a bounty from Apple back in 2020.

(Image: ryanpickren.com) 


Published January 26th, 2022 at 14:43 IST