Apple, praised for its quality and branding, seldom compromises on security and privacy, and that is a notable draw for users choosing iPhones and iMacs running iOS and macOS. Still, there isn’t a 100% secure system, as the universe wouldn’t allow it, and Apple too encounters bugs in its operating systems. For this reason, the company offers rewards to anyone who reports a possible bug in any of its operating systems.
And this time, a student named Ryan Pickren has been paid a whopping $100,000 (₹75 lakhs) for detecting a dangerous bug affecting the webcam on macOS.
The Bug in Apple iMac
Ryan Pickren, a PhD student in cybersecurity at the Georgia Institute of Technology, approached Apple about a bug whose exploit against a Mac's webcam could let anyone hack the iMac and extract passwords, files and more.
The exploit arose from various clashes between iCloud, its sharing app ShareBear and Safari's webarchive files.
“An amazing feature of these webarchive files is that they specify the web origin to which the content should be rendered,” Pickren writes. “This is an awesome trick to allow Safari to reconstruct the saved website context. Modification of this Safari file could become the gateway for an intruder”.
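The origin field described in the quote can be read straight out of a saved archive. The following is an added example, not code from Pickren or Apple: a triage helper that reports which origin a `.webarchive` declares and whether it carries script. It assumes the property-list layout Safari writes (`WebMainResource`, `WebSubresources`, `WebResourceURL`); the `example.com` archive is a constructed fixture.

```python
import plistlib
from urllib.parse import urlsplit

SCRIPT_MIME = {"text/javascript", "application/javascript", "application/x-javascript"}


def inspect_webarchive(raw: bytes) -> dict:
    """Report the origin a .webarchive declares and whether it carries script."""
    archive = plistlib.loads(raw)  # accepts binary and XML property lists
    main = archive.get("WebMainResource", {})
    url = main.get("WebResourceURL", "")
    parts = urlsplit(url)
    # The saved page is rendered under the origin taken from this URL.
    origin = f"{parts.scheme}://{parts.netloc}" if parts.netloc else url
    body = main.get("WebResourceData", b"")
    if isinstance(body, str):
        body = body.encode("utf-8", "replace")
    script_subs = [
        sub.get("WebResourceURL", "")
        for sub in archive.get("WebSubresources", [])
        if sub.get("WebResourceMIMEType", "").lower() in SCRIPT_MIME
    ]
    return {
        "declared_origin": origin,
        "inline_script": b"<script" in body.lower(),
        "script_subresources": script_subs,
    }


def build_sample(html: bytes, with_js: bool) -> bytes:
    """Constructed fixture: a minimal archive claiming https://example.com."""
    archive = {
        "WebMainResource": {
            "WebResourceURL": "https://example.com/index.html",
            "WebResourceMIMEType": "text/html",
            "WebResourceTextEncodingName": "UTF-8",
            "WebResourceData": html,
        },
        "WebSubresources": [],
    }
    if with_js:
        archive["WebSubresources"].append({
            "WebResourceURL": "https://example.com/app.js",
            "WebResourceMIMEType": "application/javascript",
            "WebResourceData": b"/* constructed placeholder */",
        })
    return plistlib.dumps(archive, fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    sample = build_sample(b"<html><script></script><p>saved page</p></html>", True)
    print(inspect_webarchive(sample))
```

An archive received from an untrusted sender that declares a sensitive origin and also carries script is the combination worth flagging before it is opened in Safari.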
iCloud lets a user share a document with another person, and in doing so, the Mac remembers that permission has been granted for accessing the file and won’t ask again when the document is opened later. Since the file remains in iCloud, it could be modified and turned into an executable, allowing malicious individuals to gain access to someone’s computer.
Pickren used this idea to turn a Pages document or image into malware, and since the Mac won’t ask for permission again, it lets the other party gain access to the system. While working on it, Pickren managed to hack into the Mac’s camera and microphone. However, Apple’s green LED lights up every time this happens, so an alert user would probably find it suspicious and be cautious.
Access to the webcam lets an intruder get at the user's web accounts, passwords, PayPal data and, obviously, the user’s iCloud account.
Apple’s Security Bounty Program
To fix mistakes in its systems, Apple opens the opportunity to everyone out there to recognize security breaches and report them. In return, Apple pays up to $1 million, and this is what Apple’s Security Bounty Program focuses on: rewarding ethical hackers.
Apple is keen to offer users solutions to any dangerous breach, as was the case recently with the Pegasus malware.
Pickren got exactly $100,500 for this webcam bug (the biggest payout ever made by Apple), and this wasn’t the first time he was rewarded by Apple. In 2019, he reported on the feasibility of hacking the camera and microphones of the iPhone, for which $75,000 (₹56.3 lakhs) was paid out to him.
I think that’s more than enough for 2 years. Pickren is probably doing this job full time, I guess!