Security News > 2022 > January > Apple Pays $100.5K Bug Bounty for Mac Webcam Hack

Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
2022-01-31 18:18

A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug Safari bug has been awarded what is reportedly a record $100,500 bug bounty.

The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by the victim.

Great research once again from Ryan Pickren for those looking for Apple bugs: Gaining unauthorized camera access via Safari UXSShttps://t.

The iPhone-maker patched the issues earlier this month and subsequently awarded the $100,500 bug bounty to Pickren.

Since users aren't presented with the display again once they've accepted the prompt to open the file, Pickren found that anyone who has access to the file can alter the file's content after that occurs.

The bug could allow a malicious application to bypass checks done by Gatekeeper: a macOS security feature that attempts to reduce the likelihood of inadvertently executing malware by enforcing code signing and verifying downloaded applications before allowing them to run.


News URL

https://threatpost.com/apple-bug-bounty-mac-webcam-hack/178114/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349