Apple Pays Cybersecurity Student $100,500 Bounty For Finding Mac Webcam Bug

The new Apple iMac that was launched last year. (Image: Apple)

Apple has not commented on the vulnerability yet, but the company has paid the security researcher a sum of $100,500 from its bug bounty program.

Apple has awarded a cybersecurity student $100,500 (roughly Rs 75,54,000) in bounty rewards for finding a vulnerability in the webcams on Mac computers. The student, Ryan Pickren, described the vulnerability in a blog post, saying that hackers could gain access to webcams on Mac computers by exploiting issues with iCloud Sharing and Safari 15. Apple has since fixed these vulnerabilities, Pickren said in his blog post. The $100,500 bounty is reportedly the largest bug bounty payout from the Cupertino-based giant.

Pickren had previously also discovered an iPhone and Mac camera vulnerability. He said that before the issue was fixed by Apple, a malicious website could launch an attack using these flaws. In his blog post, Pickren explained that the vulnerability would give the attacker full access to all web-based accounts from iCloud to PayPal, plus permission to use the microphone, camera, and screen sharing on Mac computers. He said that the same hack would ultimately mean that an attacker could gain full access to a device’s entire filesystem by exploiting Safari’s “webarchive” files.

“A startling feature of these files is that they specify the web origin that the content should be rendered in. This is an awesome trick to let Safari rebuild the context of the saved website, but as the Metasploit authors pointed out back in 2013, if an attacker can somehow modify this file, they could effectively achieve UXSS [universal cross-site scripting] by design,” Pickren said in his blog post.

Apple has not commented on the vulnerability yet, but the company has paid Pickren a sum of $100,500 from its bug bounty program. The bug bounty program from Apple can officially award up to $1 million (roughly Rs 7,51,00,000) to those who find bugs in the company’s software or gadgets. Apple publishes a list of maximum sums per category of security issue reports.

First published: January 27, 2022, 10:34 IST