Apple: An American researcher at the Georgia Institute of Technology has received one of the biggest rewards ever paid by Apple to volunteers who find and prove serious bugs in the company’s systems.
Ryan Pickren is a PhD student in cybersecurity and managed to hack into a Mac’s webcam, gaining not only access to the camera, but also other capabilities within the device.
After much study and several attempts, he managed to exploit flaws in the iCloud sharing service known as ShareBear and in the Safari 15 browser to gain access.
The hack requires a number of steps, including the would-be victim having to click to open a supposed attachment on a website. Because the intrusion takes place through a shared document in the cloud, it is able to evade the company’s scanning and security systems and disguise the malware as a regular file.
But the camera is just one of the permissions he got: the bug also gave the researcher complete access to every website visited by the victim, which in turn allowed the theft of credentials from social networks and banks.
In all, Pickren reported four different bugs to Apple and only released the results after all the flaws were properly fixed by the company in updates. Apple rewarded the expert with US$100,000, and he had already received US$75,000 from the same company in 2019, when he managed to hack the iPhone camera using a simpler method.