Apple has paid $75,000 to the hacker who discovered the camera bug in Safari
Apple has paid $75,000 to a hacker for identifying multiple zero-day vulnerabilities in its software, some of which could be used to take control of the camera on a MacBook, iPhone or iPad.
A zero-day vulnerability is a security flaw in software that is unknown to the software developer and to the public, although it may already be known to hackers who are quietly taking advantage of it.
According to reports, security researcher Ryan Pickren discovered a vulnerability in Safari after he decided to “attack” the browser until it started to show strange behaviour.
Pickren found seven exploits in all. The vulnerabilities related to the way Safari parsed Uniform Resource Identifiers, managed web origins and initialized secure contexts, and three of them allowed access to the camera by getting the user to visit a malicious website.
“A bug like this shows why users should never feel totally secure in the safety of their camera,” said Pickren, “regardless of the operating system or the manufacturer.”
Pickren shared his findings through Apple's Bug Bounty Program in December 2019. Apple immediately validated all seven bugs and shipped a fix a few weeks later. The camera exploits were fixed in Safari 13.0.5, released on 28 January. The remaining zero-day vulnerabilities, which Apple deemed less serious, were fixed in Safari 13.1, released on March 24.
Apple opened its bug bounty program to all security researchers in December 2019. Previously, Apple's bug bounty program was invitation-based and did not include non-iOS devices. The company also increased the maximum bounty from $200,000 per exploit to $1 million, depending on the nature of the security flaw.
When submitting a report, researchers must include a detailed description of the problem, an explanation of the state of the system when the exploit works, and enough information for Apple to reproduce the problem reliably.
This year, Apple is expected to provide vetted and trusted security researchers and hackers with “dev” iPhones, or special iPhones, which provide deeper access to the software and the underlying operating system, making it easier to discover vulnerabilities.
These iPhones are provided as part of Apple's upcoming iOS Security Research Device program, which aims to encourage more security researchers to disclose vulnerabilities, eventually leading to more secure devices for consumers.