Apple Pays $100.5K Bug Bounty for Mac Webcam Hack

The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also “hack every website you’ve ever visited.”

A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting (UXSS) bug in Safari has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by the victim.

The bug-finder is Ryan Pickren, founder of proof-of-concept sharing platform BugPoC and a former Amazon Web Services security engineer. This isn’t the first time he’s found bugs that let him hoodwink Apple’s cameras: In 2020, he discovered vulnerabilities in the Safari browser that could be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras, just by convincing a target to click one malicious link.

Great research once again from Ryan Pickren for those looking for Apple bugs: Gaining unauthorized camera access via Safari UXSS https://t.co/SP8duGpq8T

— Jon Bottarini (@jon_bottarini) January 25, 2022

This time around, according to Pickren, he found a series of flaws – in Safari 15 and iCloud Sharing – that

Read More: https://threatpost.com/apple-bug-bounty-mac-webcam-hack/178114/