Apple Pays Hacker Who Found Seven Zero-Days $75,000


Apple paid hacker Ryan Pickren $75,000 via its bug bounty program (via Forbes). The former Amazon Web Services engineer found seven zero-day vulnerabilities and used three of them to hijack an iPhone’s camera.

During December 2019, Pickren decided to put the notion that “bug hunting is all about finding assumptions in software and violating those assumptions to see what happens” to the test. He opted to delve into Apple Safari for iOS and macOS, to “hammer the browser with obscure corner cases” until weird behavior was uncovered… To cut a very long and technical story short: Pickren found a total of seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787) of which three could be used in the camera hacking kill chain.
