Apple Pays Scholar File-Excessive $105,000 Bug Bounty for Uncovering Safari, iCloud Vulnerability
2 mins read

Apple Pays Scholar File-Excessive $105,000 Bug Bounty for Uncovering Safari, iCloud Vulnerability


MacBook half shut

Some builders have been quite upset with Apple’s Bug Bounty Program however one pupil simply collected a $105,000 payout for locating a vulnerability. That is regarded as a record-high bounty. He was reportedly rewarded for displaying Apple how dangerous actors might hack webcams on Apple gadgets and make them susceptible to subsequent assaults.

Ryan Pickren, the cybersecurity pupil who unmasked the vulnerabilities says they come up from varied points in iCloud and Safari. The problems allowed malicious web sites to assault Apple gadgets and acquire unrestricted entry to on-line accounts akin to Gmail, iCloud, and Paypal, amongst others. It could additionally give the attackers entry to the gadget’s digicam, microphone, and on-screen content material.

The Bug Bounty Program can reward contributors as much as $1 million and Apple discloses the utmost bounty awarded per concern class. Nonetheless, people who uncover the bugs needn’t disclose their payouts. Pickren’s bounty is alleged to be $500 greater than the earlier highest reward the Cupertino large gave out.

Earlier, Pickren found one other iPhone and Mac digicam vulnerability. He provides that the newly-discovered concern might give dangerous actors full entry to the gadget file system. Safari domestically shops copies of internet sites in “webarchive” information. If attackers modify this file, they might wreak havoc. Pickren believes Apple thought-about it unlikely that an attacker would go to the lengths of downloading the sufferer’s webarchive file and modifying it to assault.

“A startling characteristic of those information is that they specify the online origin that the content material needs to be rendered in. That is an superior trick to let Safari rebuild the context of the saved web site, however because the Metasploit authors identified again in 2013 if an attacker can in some way modify this file, they might successfully obtain UXSS (common cross-site scripting) by design.”

“Granted this choice was made practically a decade in the past when the browser safety mannequin wasn’t practically as mature as it’s at the moment. Previous to Safari 13, no warnings have been even exhibited to the consumer earlier than a web site downloaded arbitrary information. So planting the webarchive file was simple.”

Apple has since patched the vulnerability and paid Pickren $105,000 for locating it.

[Via Cult of Mac]



Leave a Reply

Your email address will not be published. Required fields are marked *