Apple Pays Student Record-High $105,000 Bug Bounty for Uncovering Safari, iCloud Vulnerability

BY Chandraveer Mathur

Published 25 Jan 2022

MacBook half shut

Some developers have been rather upset with Apple’s Bug Bounty Program, but one student just collected a $105,000 payout for discovering a vulnerability. This is thought to be a record-high bounty. He was reportedly rewarded for showing Apple how bad actors could hack webcams on Apple devices and make them vulnerable to subsequent attacks.

Ryan Pickren, the cybersecurity student who unmasked the vulnerabilities, says they arise from various issues in iCloud and Safari. The issues allowed malicious websites to attack Apple devices and gain unrestricted access to online accounts such as Gmail, iCloud, and Paypal, among others. It would also give the attackers access to the device’s camera, microphone, and on-screen content.

The Bug Bounty Program can reward contributors up to $1 million, and Apple discloses the maximum bounty awarded per issue category. However, individuals who discover the bugs need not disclose their payouts. Pickren’s bounty is said to be $500 more than the previous highest reward the Cupertino giant gave out.

Earlier, Pickren discovered another iPhone and Mac camera vulnerability. In a detailed blog post, he adds that the newly-discovered issue could give bad actors full access to the device file system. Safari locally stores copies of websites in “webarchive” files. If attackers modify this file, they could wreak havoc. Pickren believes Apple considered it unlikely that an attacker would go to the lengths of downloading the victim’s webarchive file and editing it to attack.

“A startling feature of these files is that they specify the web origin that the content should be rendered in. This is an awesome trick to let Safari rebuild the context of the saved website, but as the Metasploit authors pointed out back in 2013 if an attacker can somehow modify this file, they could effectively achieve UXSS (universal cross-site scripting) by design.”

“Granted this decision was made nearly a decade ago when the browser security model wasn’t nearly as mature as it is today. Prior to Safari 13, no warnings were even displayed to the user before a website downloaded arbitrary files. So planting the webarchive file was easy.”

Apple has since patched the vulnerability and paid Pickren $105,000 for discovering it.

Related Articles

Retail Apple Store India First Image

Apple Enforces Exclusivity, Bans 22 Rival Brands Near First Retail Store in India

Sriansh

Don’t Hang Up During Accidental Crash Detection Calls, says Apple

Dave Johnson
Universal Control

Users Reporting Issues With Continuity Features on macOS 13.3 and iPadOS 16.4

Sriansh

Apple Says It’s Closer to a Completely Carbon-Neutral Supply Chain

Dave Johnson
must-have-ipad-pro-pencil-apps-featured

IPAD PRO 2

Oct 30, 2016

11 Must Have Apps for Apple Pencil and iPad Pro Users

Khamosh Pathak

iPad Pro is a beast of a machine. Yes, it runs iOS but don’t let that fool you. iOS has many ways to be productive and for doing creative work. Granted, it’s different

Read More

MACOS

Jun 13, 2016

‘Apple File System’ Is the Company’s New File System for watchOS, iOS, tvOS, and macOS

Rajesh Pandey

It has long been rumored that Apple is working on a new file system to replace the archaic HFS+ file system that macOS currently uses. The company was expected to announce a new file system

Read More
Apple volunteer

APPLE NEWS

Mar 16, 2015

‘Apple Global Volunteer Program’ will let employees sign up to help local communities

Evan Selleck

Apple is no stranger to donating large sums of money to a cause, or to even help diversification within the tech industry. But now it's aiming to donate some individual human hours as well,

Read More

Want to know more about apple Products

We launch new articles subscribe and get updated. MAX 1 email a week. No spam, ever.

Cancel