Earlier this week it was discovered that Apple’s Safari browser had a vulnerability that allowed hackers to access the microphone and webcam on iPhones, iPods, and MacBooks. This and other zero-day vulnerabilities were discovered by an ethical hacker, whom Apple paid $75,000.
According to a report by Forbes, this hacker found a total of seven zero-day vulnerabilities in Safari. The hacker, Ryan Pickren, was paid a $75,000 bounty by Apple for discovering these bugs. This is the first bug bounty Pickren received from Apple.
“I really enjoyed working with the Apple product security team when reporting these issues. The new bounty program is absolutely going to help secure products and protect customers. I’m really excited that Apple embraced the help of the security research community,” Forbes quoted Pickren as saying.
Pickren reported these vulnerabilities to Apple through the company’s bug bounty program in December. Pickren said three of the seven bugs could be used to access the camera and mic of Apple devices.
These vulnerabilities could be exploited by tricking users into visiting a malicious site, even if they had not given camera access to that particular site. Pickren also advised that users should never completely trust giving camera access to sites, irrespective of the OS or manufacturer.
After Apple was notified about these bugs, it rolled out an update for Safari on January 28 that patched the camera hijack bug. Apple patched the rest of the vulnerabilities with the Safari 13.1 update on March 24.