A hacker found 7 different bugs in Safari that allowed hackers to access the microphone and webcam without any permission. This affected all devices using Safari, such as iPhones, iPads, and MacBooks. The hacker reported the bugs to Apple, and Apple in turn paid him a whopping $75,000 from its bug bounty program. The flaws he found could have easily allowed any hacker to hijack and gain control over the iPhone’s camera.
Ryan Pickren, a former Amazon Web Services (AWS) security engineer, found those 7 zero-day vulnerabilities in Safari. 3 out of these 7 bugs allowed him to gain access to the device’s microphone and webcam. He found these bugs in Safari by mid-December 2019 and reported them to Apple in early January 2020. Soon after that, Apple fixed the critical vulnerabilities and gave Ryan Pickren a reward of $75,000.
Many giant companies, such as Google and Apple, offer bug bounty rewards to those who find critical vulnerabilities in their products and report them. Google paid more than $6.5 million last year as part of its bug bounty program, and Apple has paid a hacker a whopping $1.5 million for discovering super-serious and critical security flaws in the iPhone.
The seven different bugs he found are CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, and CVE-2020-9787. Three of these could be used to hijack the webcam on devices running Safari, Apple’s own web browser.
Furthermore, Ryan added, “The new bounty program is absolutely going to help secure products and protect customers. I’m really excited that Apple embraced the help of the security research community.”