Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
An Apple cybersecurity researcher named Ryan Pickren discovered a bug that could allow attackers to gain unauthorized camera access through shared iCloud documents. In addition, the attacker would be able to access the target’s browser history. Pickren showed Apple how its webcams can be hijacked via the bug, which is a universal cross-site scripting (UXSS) bug. Apple has allegedly awarded the security researcher a record $100,500 bug bounty, as the bug could be used by an adversary as part of an attack to gain access to sensitive information on victim devices.
Pickren reported that he discovered a series of flaws in Safari 15 and iCloud sharing that could lead to unauthorized camera access; however, his most recent find is much worse. By hacking every website a target has visited, an attacker could steal permissions to use multimedia and compromise the camera, microphone and screen-sharing functions. This could lead to an attacker gaining full access to a device’s entire filesystem. Pickren submitted the bugs to Apple last July, and they were patched this month.