Ryan Pickren, a cyber security student and former Amazon Web Services security engineer, has exposed a critical flaw in Apple devices and earned a bug bounty of $100,500. The bounty is the highest Apple bug bounty reward ever paid to anyone. Pickren is no stranger to Apple vulnerabilities: he discovered an iPhone and Mac camera vulnerability earlier, in April 2020. Now he has exposed another Mac webcam bug, which allows hackers to break into the device and access sensitive user information.
According to a report by AppleInsider, this Mac webcam bug was related to a series of issues with iCloud and the Safari browser. Hackers could potentially attack millions of Apple users through these bugs and gain unauthorized access to information from multiple user accounts. Apple has since fixed these issues.
Pickren recently posted a detailed explanation on his blog of how this vulnerability would allow hackers to gain access to the details of user accounts such as Gmail, Facebook, Zoom and PayPal. Beyond that, the vulnerability opened access to all web-based accounts and information, including iCloud, and gave permission to use the webcam and microphone to watch and listen to anything the user might be doing. This exposed a very critical security flaw in all Apple devices, including Mac, iPhone and iPad, and is what ultimately led to him winning the huge Apple bug bounty reward.
Pickren explained that it all began with exploiting the Safari browser (Safari v15 when he attempted this) and gaining access to webarchive files. Webarchives are local storage for the Safari browser, where it saves local copies of websites to open them faster.
"This is an awesome trick to let Safari rebuild the context of the saved website, but