Ethical hacker Ryan Pickren found seven (7!) zero-day vulnerabilities in Apple Safari that enabled him to construct an attack chain, using three of the vulnerabilities, to hijack iPhone, iPad, iPod touch, and Mac cameras.
iPad Pro cameraEthical hackers, those security researchers who put their hacking talents to use in helping secure the products and services they break, can make a pretty penny. Just last month, I reported how work from home elite hackers participating in the virtual PWN2OWN event earned $130,000 in only 48 hours. Indeed, Google paid ethical hackers $6.5 million last year as part of its vulnerability reward programs, and Apple has a top bug bounty of $1.5 million for the most serious of iPhone hacks. It was as part of this Apple bug bounty program that Ryan Pickren, the founder of proof of concept sharing platform BugPoC, responsibly disclosed his seven zero-day vulnerabilities discovery that enabled him to hijack the iPhone camera, and says earned him a none-too-shabby $75,000 from Apple for his efforts.
Pickren reported his research fully via the Apple Bug Bounty Program in mid-December 2019. “My research uncovered seven bugs,” Pickren says, “but only 3 of them were ultimately used to access the camera/microphone. Apple validated all seven bugs immediately and shipped a fix for the 3-bug camera kill chain a few weeks later.” The three-0day camera kill chain exploit was dealt with in the Safari 13.0.5 update released January 28. The remaining zero-day vulnerabilities, judged to be less severe, were patched in the Safari 13.1 release on March 24.
The $75,000 (£60,665) bounty he says he was paid was the first that Pickren has earned from Apple, which is quite a good start it has to be said. “I really enjoyed working with the Apple product security team when reporting these issues,” Pickren told me, “the new bounty program is absolutely going to help secure products and protect customers. I’m really excited that Apple embraced the help of the security research community.”
MacDailyNews Take: Obviously, this is exactly what Apple’s bug bounty program is designed to do and it’s working to make Apple products even more secure for users!
First, in the PWN2OWN (and similar) competitions the times reported are grossly misleading. While from the official start of the competition it may take mere hours to PWN a device, the people involved often spend hundreds of hours doing researching and testing of possible hacks before the competition starts. Historically there have been reports of remotely owning an iPhone in minutes, but that belies the fact that the persons involved were working on that hack for well over a month before the start of the competition.
Second, Apple spending a few million dollars a year on white hat hackers and bug bounties is virtually nothing compared to its benefits to both Apple (and Apple’s reputation) and the Apple user community in general. Even if Apple doubled the amounts it paid as bounties it would still be cheap by far.
First, in the PWN2OWN (and similar) competitions the times reported are grossly misleading. While from the official start of the competition it may take mere hours to PWN a device, the people involved often spend hundreds of hours doing researching and testing of possible hacks before the competition starts. Historically there have been reports of remotely owning an iPhone in minutes, but that belies the fact that the persons involved were working on that hack for well over a month before the start of the competition.
Second, Apple spending a few million dollars a year on white hat hackers and bug bounties is virtually nothing compared to its benefits to both Apple (and Apple’s reputation) and the Apple user community in general. Even if Apple doubled the amounts it paid as bounties it would still be cheap by far.
Totally agree. Apple should have done this long ago.