
Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam
2022-01-30 22:07

Apple last year fixed a new set of macOS vulnerabilities that exposed the Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam.

Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues.

Because users are never shown the prompt again once they agree to open the file, Pickren found that anyone with access to the file can later change its content to anything.

"ShareBear will then download and update the file on the victim's machine without any user interaction or notification," Pickren explained in a technical write-up.

"In essence, the victim has given the attacker permission to plant a polymorphic file onto their machine and the permission to remotely launch it at any moment."

The binary can then be launched, triggering an exploit chain that leverages additional flaws discovered in Safari to take over the machine's mic or webcam, or even steal local files.


News URL

https://thehackernews.com/2022/01/apple-pays-100500-bounty-to-hacker-who.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 138 584 4214 1629 2414 8841