{"id":1405,"date":"2022-02-04T11:04:00","date_gmt":"2022-02-04T18:04:00","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=1405"},"modified":"2022-02-03T14:49:42","modified_gmt":"2022-02-03T21:49:42","slug":"how-a-bug-bounty-hunter-earned-100500-from-apple","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/02\/04\/how-a-bug-bounty-hunter-earned-100500-from-apple\/","title":{"rendered":"How a Bug Bounty Hunter Earned $100,500 from Apple"},"content":{"rendered":"\n

Apple has rewarded a record-breaking bounty of $100,500<\/strong> to a security researcher, who reported a bug that can gain unauthorized webcam access[1]<\/sup>. The bug is known to exploit the security flaws within iCloud Sharing and Safari 15<\/strong>, which allowed attackers to also have access to every website ever visited by the victim.<\/p>\n\n\n\n

\"\"
https:\/\/macosguides.net\/wp-content\/uploads\/2018\/04\/Safari-iCloud.jpg<\/figcaption><\/figure>\n\n\n\n

Who Found this Bug?<\/h2>\n\n\n\n

The security researcher that found this bug is Ryan Pickren, who is a founder of proof-of-concept sharing platform “BugPoC” and a former Amazon Web Services security engineer. This is not the first time that he has identified a flaw within the Safari Browser. Back in 2020, he discovered that flaws in the Safari Browser can be used to snoop one’s iPhones, iPads, and Mac computers through cameras and microphones[2]<\/sup>. <\/p>\n\n\n\n

What exactly was the bug?<\/h2>\n\n\n\n
\"\"
https:\/\/securityaffairs.co\/wordpress\/127410\/hacking\/apple-macbook-webcam-microphone-hack.html\/attachment\/apple-macos-sharebear-attack<\/figcaption><\/figure>\n\n\n\n

According to Pickren, the vulnerability is centered around an app called “ShareBear”<\/strong>. ShareBear is an iCloud Sharing app that prompts users when they attempt to open a shared document file for the first time and only the first time. The most important thing about ShareBear in this context is that it only prompts the user the first time.<\/strong> If the victim accepts the prompt, the attacker has permission to the file as long as the file is shared with the attacker, because the victim’s Mac would remember that it has accepted the file. Once the attacker has full permission to the file, the attacker can plant a polymorphic file onto the machine and remotely launch it at any moment[2]<\/sup>. Since the victim’s Mac recognizes the file and has already given permission to the attacker, the attacker can plant the polymorphic file without having the victim to allow this action. <\/p>\n\n\n\n

You might ask yourself what a polymorphic file is. <\/p>\n\n\n\n

A polymorphic file is a virus that can constantly mutate its code, making it extremely difficult for computers to detect the virus yet retain the same basic routines after every infection [3]<\/sup>.<\/p>\n\n\n\n

<\/p>\n\n\n\n

There are three steps involved in using Sharebear to download and open a web archive file<\/strong>[2]<\/sup>.<\/p>\n\n\n\n