
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
2022-01-31 18:18

A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug in Safari has been awarded what is reportedly a record $100,500 bug bounty.

The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by the victim.

Great research once again from Ryan Pickren for those looking for Apple bugs: Gaining unauthorized camera access via Safari UXSS https://t.

The iPhone-maker patched the issues earlier this month and subsequently awarded the $100,500 bug bounty to Pickren.

Since users aren't presented with the display again once they've accepted the prompt to open the file, Pickren found that anyone who has access to the file can alter the file's content after that occurs.

The bug could allow a malicious application to bypass checks done by Gatekeeper: a macOS security feature that attempts to reduce the likelihood of inadvertently executing malware by enforcing code signing and verifying downloaded applications before allowing them to run.


News URL

https://threatpost.com/apple-bug-bounty-mac-webcam-hack/178114/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 135 564 4101 1567 2438 8670