Apple Paid Hacker $75,000 for Uncovering Zero-Day Camera Exploits in Safari

by

Apple paid out $75,000 to a hacker for identifying multiple zero-day vulnerabilities in its software, some of which could be used to hijack the camera on a MacBook or an iPhone, according to Forbes.

ipadprocamerabumps
A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting it.

Security researcher Ryan Pickren reportedly discovered the vulnerabilities in Safari after he decided to "hammer the browser with obscure corner cases" until it started showing weird behavior.

The bug hunter found seven exploits in all. The vulnerabilities involved the way that Safari parsed Uniform Resource Identifiers, managed web origins and initialized secure contexts, and three of them allowed him to get access to the camera by tricking the user to visit a malicious website.

"A bug like this shows why users should never feel totally confident that their camera is secure," Pickren said, "regardless of operating system or manufacturer."

Pickren reported his research through Apple's Bug Bounty Program in December 2019. Apple validated all seven bugs immediately and shipped a fix for the camera kill chain a few weeks later. The camera exploit was patched in Safari 13.0.5, released January 28. The remaining zero-day vulnerabilities, which Apple judged to be less severe, were patched in Safari 13.1, released on March 24.

Apple opened its bug bounty program to all security researchers in December 2019. Prior to that, Apple's bug bounty program was invitation-based and non-iOS devices were not included. Apple also increased the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw.

When submitting reports, researchers must include a detailed description of the issue, an explanation of the state of the system when the exploit works, and enough information for Apple to reliably reproduce the issue.

This year, Apple plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, or special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.

These iPhones are being provided as part of Apple's forthcoming iOS Security Research Device Program, which aims to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.

Tags: Bug Bounty, Exploit, Safari

Popular Stories

iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article240 comments
macbook pro blue green

When Will Apple Release the M5 MacBook Pro?

Wednesday March 26, 2025 4:53 pm PDT by
Apple regularly refreshes the MacBook Pro models, and a new version that uses M5 series chips is in the works. Apple just finished refreshing most of the Mac lineup with M4 chips, and now it's time for the M5. Rumors suggest that we could see the first M5 MacBook Pro models this fall. Design There have been no rumors of a design update for the M5 MacBook Pro models that are coming this...
Read Full Article117 comments
Apple Lumon Terminal Pro

Apple's Mac Site Features Fictional 'Lumon Terminal Pro'

Wednesday March 26, 2025 12:19 pm PDT by
Apple is going all out with promotions for the popular Severance Apple TV+ show today, and as of right now, you'll find a new "Lumon Terminal Pro" listed on Apple's Mac site. The Lumon Terminal Pro is designed to look similar to the machines that Severance employees like Mark S. and Helly R. use for macrodata refinement. The Terminal features a blue keyboard, a small display with wide...
Read Full Article107 comments
Facebook Feature

Facebook's New iPhone App Feature Turns the Clock Back to 2007

Thursday March 27, 2025 1:59 pm PDT by
In the mid-to-late 2000s, Facebook was all about staying connected with friends and family. However, as the social media platform added new features and grew over time, that core experience began to get drowned out. That changes starting now, according to Meta, which today introduced a new feature that will "bring back the joy" of classic Facebook. Specifically, Meta has redesigned the...
Read Full Article111 comments
Generic iOS 18

iOS 18.4 Coming Soon With These New Features for Your iPhone

Tuesday March 25, 2025 6:45 am PDT by
Apple is expected to release iOS 18.4 to the general public as soon as next week, following more than a month of beta testing. Apple's website says some iOS 18.4 features will be released in "early April," so the update should be out as early as Tuesday, April 1. Apple this week seeded the iOS 18.4 Release Candidate, which is typically the final beta version, barring the discovery of any...
Read Full Article14 comments
iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Supports 8K Video Recording, Suggests Leaker [Updated]

Wednesday March 26, 2025 4:06 am PDT by
Update 7:25 pm: Based on comments from our forums, it appears the original Weibo post may have been mistranslated and "8K" actually refers to the high price of the device rather than 8K video recording capabilities. The iPhone 16 Pro currently starts at 7,999 yuan in China. Our original article follows below. Apple's forthcoming iPhone 17 Pro models are capable of shooting 8K video, up...
Read Full Article94 comments
iOS 18 4 Ambient Music Control Center

How to Use iOS 18.4's New Ambient Music Feature in Control Center

Thursday March 27, 2025 7:45 am PDT by
The upcoming iOS 18.4 update for the iPhone adds an Ambient Music feature to Control Center. Below, we take a closer look at how it works. iOS 18.4 is currently in beta, so the Ambient Music feature is not widely available yet. The update will likely be released to the general public next week. To use the feature on iOS 18.4, open Control Center and tap on the plus sign in the top-left...
Read Full Article42 comments
Foldable iPhone 2023 Feature 1

'iPhone Fold' to Feature Metallic Glass Hinge That Resists Deformation

Thursday March 27, 2025 4:21 am PDT by
Last week, we covered a report claiming that Apple's book-style foldable iPhone (or "iPhone Fold," as we are provisionally calling it here) will use liquid metal hinges to improve durability and help minimize screen creasing. Today, a Chinese leaker provided more details on the properties of this hinge material that help to clarify why Apple chose it for its first foldable device. According...
Read Full Article108 comments
iOS 18

iOS 18.4 Expected Next Week - Here Are the Release Notes

Friday March 28, 2025 2:01 pm PDT by
With the second release candidate of iOS 18.4 that Apple seeded out today, the company finally provided us with release notes that give a full rundown on what to expect. There's an Apple Vision Pro app, new Apple Intelligence features for notifications and additional language support, plus an Apple News Food feature for Apple News+ subscribers, and several updates that should improve the...
Read Full Article36 comments

Top Rated Comments

Skeith Avatar
Skeith
65 months ago
Good Apple.
Score: 10 Votes (Like | Disagree)
Justanotherfanboy Avatar
Justanotherfanboy
65 months ago

The iPhone needs a camera light hardwired to the camera itself just like the Mac so that exploits like this would at least be noticeable.

So only $75,000 for an exploit that can allow remotely accessing the camera on the Mac or iPhone? Then what in the hell is a $1,000,000 bounty for?
Remote root access, allowing an attacker complete takeover of the system, including deleting the admin account, changing password, etc.
Score: 9 Votes (Like | Disagree)
The Oak Avatar
The Oak
65 months ago
Considering the median US income is around $60k ... $75k is more than a year's work for most Americans. I definitely would not complain.
Score: 7 Votes (Like | Disagree)
tridley68 Avatar
tridley68
65 months ago
$75000 sounds a little light he should have held out for more.
Score: 6 Votes (Like | Disagree)
MacBH928 Avatar
MacBH928
65 months ago
cameras and microphones should have physical disconnection
Score: 5 Votes (Like | Disagree)
JosephAW Avatar
JosephAW
65 months ago
I was just saying this about bandaids and electrical tape on cameras in the other forum post about the mic.

If you can't update your safari because Apple EOL and obsoleted your devices then this is the only work around.
Score: 4 Votes (Like | Disagree)
Read All Comments