Vulnerabilities found in Safari allowed attackers to access the camera on iPhones or MacBooks
A hacker identified several zero-day vulnerabilities in Apple's Safari browser. Some of these allowed the invasion of iPhone and MacBook cameras. According to Forbes, this discovery earned the hacker $75,000, paid by the Cupertino company itself.
A zero-day vulnerability is a serious security flaw unknown to both the public and the software developer. However, it may already be known to hackers who use their knowledge to engage in criminal or malicious activities, and who silently exploit it for as long as it remains unidentified.
The person responsible for identifying the vulnerabilities in Safari was hacker Ryan Pickren. According to reports, he “hammered the browser with codes” until strange behavior appeared.
According to the report Pickren sent to Apple last December, seven vulnerabilities were found in the browser. Some of them could open unsafe pages and allow an attacker to gain access to the device’s camera by tricking the user into visiting a malicious website.
“A bug like this shows why users should never feel completely confident that their camera is safe, regardless of the operating system or the manufacturer,” Pickren said in an interview with Forbes.
According to the report, Apple immediately validated all seven errors and corrected three of them, which were considered the most serious, in a new Safari update (presumably version 13.0.5, released on January 28). The remaining bugs, which the developers viewed as less dangerous, were fixed in version 13.1, released in March.
Despite having discovered a zero-day, Pickren received far less than the maximum amount paid by Apple, which offers up to $1.5 million for more serious vulnerabilities. In late 2019, the company made its bug reward program public and increased the reward, also providing iPhones to security researchers who participate in the initiative.