Ethical hacker Ryan Pickren found multiple security flaws in Safari, for which Apple paid him $75,000. The vulnerabilities allow an attacker to hack the iPhone camera.
Apple paid $75,000 to hacker for hijacking iPhone camera via Safari as part of its bug bounty program
In Apple Safari, Ryan Pickren discovered seven zero-day flaws, three of which enabled him to build an attack chain and hijack the iPhone camera.
In 2019, Apple expanded its bug bounty program, increasing the amount to $1.5 million for iPhone hacks. Ryan Pickren, a security engineer at Amazon Web Services, found the vulnerabilities in Apple devices.
Pickren investigated the Apple Safari browser for macOS and iOS. To uncover the security flaws, he studied it and tried to “hammer the browser with obscure corner cases”. He discovered seven vulnerabilities and used three of them to hack the system’s camera security.
Ryan hacked the camera by leading the user to log in to a malicious website in Safari. The website then allowed him to hack the user’s camera by posing as a trusted video conferencing website that had gained access to the phone’s camera.
He then compiled his research and reported it to Apple in mid-December 2019.
In January, Apple fixed three flaws with the Safari 13.0.5 update, and the other four flaws were fixed in the Safari 13.1 update, which was released on March 24.