Here’s why Apple paid a student $100,000 – Times of India

In 2019, Ryan Pickren found a number of vulnerabilities in the iPhone that allowed him to turn on the camera and microphone without the user allowing permissions. Pickren, a PhD student at Georgia Institute of Technology, reported the security vulnerabilities to Apple, who in turn fixed and paid him a bug bounty of $75,000.
A report by 9to5Mac reveals that Pickren found yet another vulnerability but this time in the Mac webcam. “My hack successfully gained unauthorised camera access by exploiting a series of issues with iCloud Sharing and Safari 15. While this bug does require the victim to click “open” on a popup from my website, it results in more than just multimedia permission hijacking,” Pickren wrote on his website.
The bug, as per Pickren, was more dangerous as it allowed any hacker to access any website that was visited by the victim. So not just the camera could’ve been hacked but any other account like Gmail, Facebook or iCloud could have also been attacked. Pickren on his website has a detailed explanation of how the bug exploited the vulnerabilities and how dangerous it was.
He further wrote on his site that he explored how a design flaw in one application can enable a variety of other, unrelated, bugs to become more dangerous. “It was also a great example of how even with macOS Gatekeeper enabled, an attacker can still achieve a lot of mischief by tricking approved apps into doing malicious things,” he wrote.
It was in July 2021 that Pickren submitted these bugs to Apple. He says that Apple has patched all the issues and he was rewarded $100,500 under the bug bounty program. While it’s not confirmed this may be the biggest ever payout that Apple has made under its bug bounty program.

!function(f,b,e,v,n,t,s) {if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)}; if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′; n.queue=[];t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t,s)}(window, document,’script’, ‘https://connect.facebook.net/en_US/fbevents.js’); fbq(‘init’, ‘593671331875494’); fbq(‘track’, ‘PageView’);

Source link