A cybersecurity student showed Apple how to make the device completely open to hackers after hacking out the Mac camera, and he received $100,500 from the company's false bounty program. Ryan Pickren, who previously discovered vulnerabilities in iPhone and Mac cameras, received what is believed to be Apple's biggest bug bounty payment.
According to Pickren, the new camera vulnerability involves a range of security issues in Safari and iCloud, which Apple has now completely fixed, but malicious websites can still exploit these issues to launch attacks until the device is patched.
Hackers give attackers full access to all web-based accounts, from iCloud to PayPal, as well as access to microphones, cameras, and screen sharing. However, if a hacker wants to peek into what the camera is shooting, its regular green light will still light up normally.
Pickren reports that the same hacking ultimately meant that the attackers gained full access to the device's entire file system.
Apple has not commented on the vulnerability and does not know whether it has been actively exploited by the outside. But Apple has already paid Pickeren $100,500 from its bug bounty program, the biggest bug bounty in history. The company has published a list of the maximum amounts reported for each type of security issue, and the official reward amount of the bug bounty program can be up to $1 million.
As a result, it is possible that apple will pay more than Pickren's $100,500 in the future. However, the company has previously received some criticism for paying less than its own maximum and for the slow pace of patching reported vulnerabilities.
Source: cnBeta
![The new Ghost Vulnerability Mitigation will hit CPU performance hard, but gamers can escape it[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)