BIGGEST Apple Bug Bounty reward of $100,500 paid to student over Mac webcam bug
Ryan Pickren, a cyber security student, bagged the biggest Apple bug bounty reward ever paid for revealing a Mac webcam bug that opened doors to hackers
Ryan Pickren, a cyber security student and former Amazon Web Services security engineer, has exposed a critical glitch in Apple devices and bagged a bug bounty of $100,500. The bounty is the highest Apple bug bounty reward ever paid to anyone. Pickren is no stranger to Apple vulnerabilities: he discovered an iPhone and Mac camera vulnerability earlier, in April 2020. Now he has exposed another Mac webcam bug, one that allows hackers to break into the device and access sensitive user information.
According to a report by AppleInsider, this Apple Mac webcam bug stemmed from a series of issues in iCloud and the Safari browser. Hackers could potentially have attacked millions of Apple users through these bugs and gained unauthorized access to those users' account information. Apple has since fixed these issues.
How did these bugs expose Apple's security?
Pickren recently posted a detailed explanation on his blog of how this vulnerability would allow hackers to gain access to user account details for services like Gmail, Facebook, Zoom and PayPal. It was not limited to those: the vulnerability opened access to every web-based account and its information, including iCloud, and granted permission to use the webcam and microphone to watch and listen to whatever the user might be doing. This exposed a very critical security flaw across Apple devices, including Mac, iPhone and iPad, and is what ultimately earned him the huge Apple bug bounty reward.
Pickren explained that it all began with exploiting the Safari browser (Safari v15 at the time of his attempt) and gaining access to webarchive files. Webarchives are Safari's local storage format: the browser saves local copies of websites in them so that they can be reopened faster.
"This is an awesome trick to let Safari rebuild the context of the saved website, but as the Metasploit authors pointed out back in 2013, if an attacker can somehow modify this file, they could effectively achieve UXSS [universal cross-site scripting] by design," Pickren wrote in his post.
What this meant was that a user who downloads a webarchive and opens it in order to view the archived website is exactly where a malicious website could gain access. Pickren said that Apple did not consider this potential hacking scenario when it first developed Safari's webarchive functionality.
While Apple has not made a statement on these bugs, it has paid out the bounty to Pickren. Interestingly, the Apple bug bounty program has existed for a while now. Under the program, a hacker who demonstrates a way to gain access to sensitive user information is paid a sum of $100,000. Apple has surpassed that amount for the first time, paying Pickren a total reward of $100,500.