Apple Pays $100K to a Student Who Revealed a Mac Webcam Bug
American cybersecurity student Ryan Pickren has found a new way of hacking Mac webcams that could also leave Apple devices fully open to hackers. The student, who had previously discovered a series of iPhone vulnerabilities, received what is probably the largest payout from Apple's Bug Bounty program: $100,500.
According to Pickren, the newly discovered Mac webcam vulnerability was related to a series of problems with iCloud and Safari, which are now said to be fixed.
The full description of the exploit explains that it gives a potential attacker full access to all of the victim's web-based accounts, such as iCloud and PayPal, as well as permission to use the microphone, camera, and screen sharing.
Pickren explained that this hack could ultimately allow the attacker to access the entire filesystem of the device by exploiting Safari's webarchive files, the system used to save local copies of websites. For this to work, a user has to download such a file and then open it.
Apple already knew about such an exploit back in 2013. However, the company didn't consider this hack realistic when it first implemented Safari's webarchive functionality. The company said that all vulnerabilities have already been eliminated.