Lost Password

Apple pays $100,500 to a student that found Mac webcam hack

Cyber security student, Ryan Pickren, demonstrated how hacking webcams can leave the Mac device open to more hackers. He was participating in the company’s bug bounty program and was awarded $100,500 for the discovery. This was Apple’s largest bug bounty payout yet.
In a report by Apple Insider, Pickren recognized the new webcam vulnerability was concerned with Safari and iCloud. This gave hackers access to all web-based accounts, including iCloud and PayPal, and further permissions to use the microphone, camera, and screensharing. Safari’s ‘web archive’ files would have been exploited by hackers. Pickren says, “A startling feature of these files is that they specify the web origin that the content should be rendered in. This is an awesome trick to let Safari rebuild the context of the saved website, but as the Metasploit authors pointed out back in 2013, if an attacker can somehow modify this file, they could effectively achieve UXSS [universal cross-site scripting] by design.”
Apple has not commented on the bug and it is not known how many people were exploited, but the company has since then fixed the issue. Pickren received $500 more than previous payouts by Apple, but the tech company can officially award around $1 million in the program. 

Share This Post

Like This Post


Related Posts


    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Thanks for submitting your rating!
    Please give a rating.

    Thanks for submitting your comment!