Tuesday, September 29, 2020

    Apple pays hacker ₹57 lakh for finding security flaws in its browser

    Apple paid over ₹57 lakh ($75,000) through its bug bounty programme to an ethical hacker who discovered seven zero-day vulnerabilities in its internet browser 'Safari'. Found by former Amazon Web Services security engineer Ryan Pickren, three of the flaws could let hackers gain access to the victim's iOS or macOS device, by letting them hijack the device's camera and microphone.


    Ajay Nirmal
    Graduated from Mumbai University, Ajay brings in the latest news across sports, tech, and world news. Ajay loves talking on tech, latest news, and events.

    Apple paid ethical hacker Ryan Pickren $75,000 for finding vulnerabilities in Apple’s browser Safari which allowed an attacker to hack the user’s camera according to media reports.

    Pickren discovered seven zero-day vulnerabilities in Apple Safari, three of which enabled him to form an attack chain and successfully hijack the iPhone camera, Forbes reported.

    Apple had upped its bug bounty program back in 2019, increasing the amount to $1.5 million for the most serious of iPhone hacks. Pickren, a former security engineer at Amazon Web Services (AWS) had set out to find vulnerabilities in the system as part of the bug bounty program.

    He delved into the Apple Safari browser for iOS and macOS, to “hammer the browser with obscure corner cases” in order to uncover unusual behaviour. He was able to discover seven vulnerabilities and had used three of them to hack into the system’s camera security model.

    Pickren focused on hacking into the camera by prompting the user to log into a malicious website on safari. The website would then enable him to hack into the user’s camera under the guise of trusted video conferencing websites which had earlier gained access to the phone’s camera according to the Forbes report.

    He had then compiled his research and reported the same to Apple back in mid-December 2019, working with Apple’s security team to patch the vulnerabilities.

    Apple fixed three of the flaws in its January 28 Safari 13.0.5 update and the remaining four vulnerabilities were patched in the Safari 13.1 released on March 24.

    ↓   Keep Scrolling for NEXT STORY   ↓

    Top Picks

    Also Read