Apple granted Ryan Pickren, an aspiring cyber security student, $100,500 in reward money after he demonstrated how a weakness allowed him to obtain unauthorised access to Mac cameras, which could expose the machines to a complete hacking attack. Pickren claimed in a blog post that this could be accomplished by exploiting a number of flaws in iCloud Sharing and Safari 15. "The issue provides the attacker with complete access to any website that the victim has ever visited. As a result, in addition to turning on your camera, my bug is also capable of hacking into your iCloud, PayPal, Facebook, Gmail, and other online accounts."
Meanwhile, he received notification that Apple had resolved the problem. According to Pickren, the vulnerability would ultimately result in an attacker gaining complete access to a device's whole filesystem, if successful. This would be accomplished by exploiting Safari's "webarchive" files. Webarchive is a file type produced from web pages and used by the Safari web browser. It contains HTML, images, sound, and video from websites that have been visited previously. A "surprising aspect" of these files, according to Pickren, is that they define the web origin in which the material should be presented.
"In fact, until recently, there was no indication that a website was downloading random files from the user's computer. Consequently, installing the webarchive file was straightforward," he concluded. Users will now be alerted before each download on Safari 13 and above, though.
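As an added illustration (not from Pickren's write-up or from Apple), the following Python sketch shows how a defender could read the origin that a webarchive declares for itself before opening it. It assumes the commonly documented property-list layout of the format (keys `WebMainResource`, `WebResourceURL`, `WebResourceData`, `WebSubresources`); the sample archive and all function names are constructed for this example.

```python
import plistlib
import re
from urllib.parse import urlsplit

# Crude marker for active content inside the archived HTML.
SCRIPT_RE = re.compile(rb"<script\b|javascript:", re.IGNORECASE)

def origin_of(url):
    """Reduce a URL to scheme://host[:port], or None if it has no host."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def inspect_webarchive(blob):
    """Parse a .webarchive (a property list) and summarise what it claims."""
    archive = plistlib.loads(blob)  # handles binary and XML plists
    main = archive.get("WebMainResource", {})
    subs = archive.get("WebSubresources", [])
    return {
        "declared_origin": origin_of(main.get("WebResourceURL")),
        "mime": main.get("WebResourceMIMEType"),
        "has_script": bool(SCRIPT_RE.search(main.get("WebResourceData", b""))),
        "subresource_origins": sorted(
            {origin_of(s.get("WebResourceURL")) or "unknown" for s in subs}),
    }

def triage(blob):
    """Return review findings for an archive received from an untrusted source."""
    info = inspect_webarchive(blob)
    findings = []
    origin = info["declared_origin"]
    if origin and origin.startswith(("http://", "https://")):
        findings.append(f"content asks to be rendered as {origin}")
        if info["has_script"]:
            findings.append(f"contains script that would run as {origin}")
    return findings

# Constructed sample: a harmless page that declares example.com as its origin.
SAMPLE = plistlib.dumps({
    "WebMainResource": {
        "WebResourceURL": "https://example.com/saved.html",
        "WebResourceMIMEType": "text/html",
        "WebResourceData": b"<html><script>document.title='saved'</script></html>",
    },
    "WebSubresources": [],
}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
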
However, it should be emphasised that Apple has not verified the existence of any security issue. If you're not familiar with Apple's bug bounty programme, it rewards hackers who successfully gain "unauthorised access to sensitive data" with a cash reward of $100,000. Apple defines sensitive data as contacts, mail, messages, notes, photographs, or location data, among other things.
Back in May 2021, hackers were able to exploit an Apple AirTag vulnerability and rewrite the firmware of the gadget. Apple introduced the AirTag to help users keep track of their missing belongings. According to a tweet, a German cybersecurity researcher purportedly hacked into Apple's Bluetooth-enabled tracker, marking the first time this has happened with the gadget. To hack the AirTag, the researcher employed reverse-engineering techniques on the microcontroller of the device.