Ryan Pickren, a cyber security student, was awarded $100,500 as a bounty after he showed Apple how a vulnerability allows hackers to gain unauthorised access to webcams on Macs. Pickren said in a blog post that this could be achieved by exploiting a series of issues with iCloud Sharing and Safari 15. It should be noted that these vulnerabilities were fixed by Apple last year, as Wired notes.
Typically, researchers reveal the exploits after the company has fixed the issue, which explains why Pickren is posting about this now. The reason is to ensure that the flaw is patched before cybercriminals can start exploiting it.
“The bug gives the attacker full access to every website ever visited by the victim. That means in addition to turning on your camera, my bug can also hack your iCloud, PayPal, Facebook, Gmail, etc. accounts too,” he wrote.
According to Pickren, the hack would ultimately mean that an attacker could gain full access to a device’s entire filesystem. This would be possible by exploiting Safari’s “webarchive” files. Webarchive is a web-created file format used by the Safari web browser. It contains HTML, images, sound and video from web pages previously visited.
“A startling feature of these files is that they specify the web origin that the content should be rendered in,” said Pickren. “Until recently, no warnings were even displayed to the user before a website downloaded arbitrary files. So planting the webarchive file was easy,” he continued.
However, now with Safari 13+, users are prompted before each download.
It should be noted that Apple does not confirm these vulnerabilities as such. It only mentions the security fix in software. But Pickren is credited for a software flaw in macOS Catalina for December 2021. The flaw is mentioned as “A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.” He is also mentioned in an October 2021 security update. The flaw is described as “A malicious application may bypass Gatekeeper checks.”
For the uninitiated, Apple’s bug bounty program offers $100,000 for attacks that gain “unauthorised access to sensitive data.” Apple defines sensitive data as access to contacts, mail, messages, notes, photos or location data.
Earlier, in May 2021, the Apple AirTag was exploited by hackers to modify the firmware of the device. Apple had released the AirTag to help people keep track of their misplaced items. The Bluetooth-enabled tracker by Apple has reportedly been hacked by a German cybersecurity researcher, as per a tweet, which is a first for the device. The researcher used reverse-engineering on the AirTag’s microcontroller to hack it.