Ethical hacker Ryan Pickren found seven (7!) zero-day vulnerabilities in Apple Safari that enabled him to construct an attack chain, using three of the vulnerabilities, to hijack iPhone, iPad, iPod touch, and Mac cameras.
Ethical hackers, those security researchers who put their hacking talents to use in helping secure the products and services they break, can make a pretty penny. Just last month, I reported how work from home elite hackers participating in the virtual PWN2OWN event earned $130,000 in only 48 hours. Indeed, Google paid ethical hackers $6.5 million last year as part of its vulnerability reward programs, and Apple has a top bug bounty of $1.5 million for the most serious of iPhone hacks. It was as part of this Apple bug bounty program that Ryan Pickren, the founder of proof of concept sharing platform BugPoC, responsibly disclosed his seven zero-day vulnerabilities discovery that enabled him to hijack the iPhone camera, and says earned him a none-too-shabby $75,000 from Apple for his efforts.
Pickren reported his research fully via the Apple Bug Bounty Program in mid-December 2019. “My research uncovered seven bugs,” Pickren says, “but only 3 of them were ultimately used to access the camera/microphone. Apple validated all seven bugs immediately and shipped a fix for the 3-bug camera kill chain a few weeks later.” The three-0day camera kill chain exploit was dealt with in the Safari 13.0.5 update released January 28. The remaining zero-day vulnerabilities, judged to be less severe, were patched in the Safari 13.1 release on March 24.
The $75,000 (£60,665) bounty he says he was paid was the first that Pickren has earned from Apple, which is quite a good start it has to be said. “I really enjoyed working with the Apple product security team when reporting these issues,” Pickren told me, “the new bounty program is absolutely going to help secure products and protect customers. I’m really excited that Apple embraced the help of the security research community.”
MacDailyNews Take: Obviously, this is exactly what Apple’s bug bounty program is designed to do and it’s working to make Apple products even more secure for users!