New Delhi: In 2019, Ryan Pickren, a student at the Georgia Institute of Technology, found many security flaws in the iPhone. These flaws allowed the camera and microphone to be turned on without the user's permission.
Pickren, a PhD student at the Georgia Institute of Technology, reported the security vulnerabilities to Apple. The company offered the student a $75,000 reward, known as a bug bounty, so that the defects could be corrected.
According to a report by 9to5Mac, Pickren found another vulnerability, but this time it was in the Mac webcam. He wrote on his website, “My hack has successfully seen a series of cases like this with iCloud sharing and Safari 15 gain unauthorized camera access.
However, this bug requires the victim to click on Open via a popup from my website. The result is simply not allowing multimedia. Rather it is more than that.”
According to Pickren, the bug was quite dangerous because it would have allowed an attacker to access any website visited by the victim. Not only could the camera be hijacked, but the attacker could also gain access to other accounts such as Gmail, Facebook or iCloud. Pickren explains on his website how the bug takes advantage of this and how dangerous it is.
He further wrote on his site that he discovered how one design flaw in an application could make many other bugs more dangerous.
He also wrote, “This could also be a great example of how a hacker can still gain access to users’ apps with malware even after macOS Gatekeeper is enabled.”
In July 2021, Pickren submitted these bugs to Apple. He says Apple has resolved all the issues and that he was awarded a $100,500 bounty under the bug bounty program. However, it has not been confirmed whether this is the biggest bounty Apple has paid under its bug bounty program so far.
First published: Jan. 28, 2022, 11:23 p.m.