Apple Pays $75K to Cybersecurity Researcher On Camera Security Flaw

Apple paid $75,000 to a hacker who discovered security bugs in Safari that could be chained to hijack the camera of both iOS devices and Macs. They were zero-day vulnerabilities: flaws in software that nobody in the general public, or the vendor, knew about, except for anyone who was secretly exploiting them.

A cybersecurity researcher named Ryan Pickren reportedly discovered the flaws in Safari after he decided to probe the browser with obscure corner cases until it started displaying unexpected behaviour. Pickren reported seven bugs in the browser in his initial report in December 2019. Three of them, he says, concerned the way Safari parsed Uniform Resource Identifiers, managed web origins and initialised secure contexts. Chained together, those three flaws let Pickren access the camera of a Mac or iOS device simply by tricking a user into visiting a malicious website.
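The article says three of the bugs concerned how Safari parsed URIs, managed web origins and initialised secure contexts. The following is an added example written for this page (it is not Pickren's exploit, not code from his report and not Apple's code) that shows the general reason such bugs matter: camera permission is remembered per origin, so any place in a browser that derives an origin differently from the reference URL parser can let a grant made to one site be applied to another. The hostnames video.example and attacker.example, the grant table and the corner-case URLs are constructed for the example; the naive parser is an invented stand-in for a buggy code path, not Safari's.

```javascript
// Added illustration, not Pickren's exploit and not Apple's code: why a
// per-origin permission such as "this site may use the camera" is only as
// trustworthy as the browser's origin parsing. Hostnames and grants below are
// constructed for this example.

// Deliberately naive origin extractor: scheme, then "host" = everything after
// "://" up to the first "/", ":" or "@". This is the kind of shortcut that
// mis-handles userinfo and ports; it is the buggy half of the comparison.
function naiveOrigin(url) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/:@]+)/i.exec(url);
  if (m === null) return null;
  return `${m[1].toLowerCase()}://${m[2].toLowerCase()}`;
}

// Reference behaviour: the WHATWG URL parser built into Node and browsers.
// Returns the string "null" for opaque origins (file:, javascript:, about:)
// and null for input that is not a URL at all.
function specOrigin(url) {
  try {
    return new URL(url).origin;
  } catch (e) {
    return null;
  }
}

// Permission store keyed on origin, the way a browser remembers that the user
// already clicked "Allow" for a video-calling site (constructed entry).
const grants = new Map([["https://video.example", "camera"]]);

// The decision a media-capture API would make: look the origin up in the store.
function cameraAllowed(originFn, url) {
  const origin = originFn(url);
  return origin !== null && grants.get(origin) === "camera";
}

// Constructed corner cases. Each comment states what the two parsers decide.
const cornerCases = [
  "https://video.example/call",                // plain: both allow
  "HTTPS://VIDEO.EXAMPLE:443/",                // case + default port: both allow
  "https://video.example@attacker.example/",   // userinfo: naive allows, spec denies
  "https://video.example:8443/",               // non-default port: naive allows, spec denies
  "https://video.example.attacker.example/",   // lookalike subdomain: both deny
  "file:///Users/victim/page.html",            // opaque origin: both deny
  "not a url",                                 // garbage: both deny
];

// URLs where the naive parser and the spec parser reach different decisions.
// Any such URL is a candidate for turning a grant made to one origin into
// camera access from a page controlled by someone else.
function findDisagreements(urls) {
  return urls.filter(
    (u) => cameraAllowed(naiveOrigin, u) !== cameraAllowed(specOrigin, u)
  );
}

for (const u of cornerCases) {
  console.log(
    `${u.padEnd(42)} naive=${JSON.stringify(naiveOrigin(u))} spec=${JSON.stringify(specOrigin(u))}`
  );
}
console.log("disagreements:", findDisagreements(cornerCases));
```

Run it with `node` to see the two URLs on which the parsers disagree. The practical check this suggests for any browser, extension or web app that keys a permission on an origin is to derive that origin from one parser only (the platform's `URL` class) and never from a hand-written regex, and to treat the string "null" as its own untrusted origin rather than as a match for anything.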

Pickren describes the bug in the report:
“A bug like this shows why users should never feel totally confident that their camera is secure,” Pickren said, “regardless of operating system or manufacturer.”
He submitted the bugs to Apple’s bug bounty program in December 2019 and the company validated all of them immediately. Apple fixed the three bugs that made up the camera kill chain a few weeks later, in Safari version 13.0.5. The remaining, less severe zero-day vulnerabilities were patched in the Safari 13.1 update on March 24th.

Apple opened its bug bounty program to all security researchers in December 2019; hackers, researchers and cybersecurity experts can now submit reports of bugs affecting the security and privacy of iOS devices, Macs and other Apple devices to the Cupertino company. The program was previously invitation-only, and payouts now reach as high as $1 million, up from an earlier cap of $200,000, depending on the severity of the flaw reported. The Cupertino firm also plans to provide trusted cybersecurity researchers and hackers with “dev” iPhones, modified devices that allow deeper access to iOS internals so that researchers can find and report security flaws more easily.
