What you need to know
- Apple has reportedly paid out $75,000 to hacker Ryan Pickren.
- That's because of seven zero-day vulnerabilities he discovered in Apple's software.
- He was able to use them to hijack the camera on any iOS or macOS device.
A report from Forbes claims that hacker Ryan Pickren was paid $75,000 by Apple's bug bounty program for seven zero-day vulnerabilities he discovered in Apple's software.
According to the report:
One hacker found no less than seven zero-day vulnerabilities that enabled him to construct a kill chain, using just three of them, to hijack the iPhone camera successfully. Well, any iOS or macOS camera for that matter. Here's how he did it and what happened next... It was as part of this Apple bug bounty program that Ryan Pickren, the founder of proof of concept sharing platform BugPoC, responsibly disclosed his seven zero-day vulnerabilities discovery that enabled him to hijack the iPhone camera, and earned a none-too-shabby $75,000 from Apple for his efforts.
According to the report, in December of 2019 Pickren started to "hammer" Apple's Safari browser for iOS and macOS to uncover weird behavior, particularly in relation to camera security. Eventually, he discovered seven zero-day vulnerabilities in Safari, three of which could be chained into a "camera hacking kill chain." The exploit involved tricking a user into visiting a malicious website.
Pickren reported his research to Apple in mid-December:
"My research uncovered seven bugs," Pickren says, "but only 3 of them were ultimately used to access the camera/microphone. Apple validated all seven bugs immediately and shipped a fix for the 3-bug camera kill chain a few weeks later." The three-zero-day camera kill chain exploit was dealt with in the Safari 13.0.5 update released January 28. The remaining zero-day vulnerabilities, judged to be less severe, were patched in the Safari 13.1 release on March 24.
As you'll note, all of these bugs have been patched and fixed, so you don't need to be worried about them, provided your devices are running Safari 13.1 or later. It's standard industry practice for hackers and security companies to disclose their findings to companies, giving them time to patch issues before they make them public. Pickren picked up $75,000 for his troubles, which is not to be sniffed at. Apple's Security Bounty Program can pay up to a massive $1.5 million for the most serious exploits. Regarding the program, Pickren stated:
"I really enjoyed working with the Apple product security team when reporting these issues... the new bounty program is absolutely going to help secure products and protect customers. I'm really excited that Apple embraced the help of the security research community."