I was just saying this about bandaids and electrical tape on cameras in the other forum post about the mic.

If you can't update your Safari because Apple EOL'd and obsoleted your devices, then this is the only workaround.

However, being just a vintage device doesn’t mean no further software support.
 
Considering the median US income is around $60k ... $75k is more than a year's work for most Americans. I definitely would not complain.

Yeah 75k is definitely good. I'm sure these hackers have regular day jobs so these are more like substantial bonuses to them.
 
I really wish iPhones came with a physical camera kill switch TBH

Interesting idea, however Apple would probably shy away from this as it’s sort of admitting to the possibility that the device could be hacked. Almost as bad as admitting a mistake. ;)
 
Good Apple.

Or Apple. Thank you, Ryan Pickren, for discovering these 7 vulnerabilities and reporting them to Apple. Although Apple should’ve paid you significantly more; after all, you’ve found 7 exploits, not just 1.

"Apple also increased the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw."

Give this person the full $1mil.! A camera exploit (the ultimate privacy intruder) seems pretty big when it comes to a 'security flaw.'

Agreed!
This bug squishing bounty program is clearly a good thing and camera is bad, however the camera has to "see you". What would be worse is access to the microphone. And as somebody above said, physical kill switches would be great, Apple won't do them.

But I'm not resorting to electric tape all over the place on my iPhone/iPad.

Agreed, and likewise about security taping my iPhone.

I’ve been seeing laptops from Lenovo, HP and Dell have “security” switches over the cameras the past year. The sad thing is it’s just a cover over the camera and SW tells camera apps no video feed. They all stopped at this. None disable the microphone as well as an option. You have to manually “mute” that, which is software based, not a hardware circuit breaker.

So I wonder if there is a hardware circuit breaker for video being fed by the camera to the application using video in all these security switches on laptops.

Notice Apple hasn’t had the need to implement this yet.

We’ll see what the future brings.
 
Only exposed for one and a half months from the time the camera vulnerabilities were reported in mid 12/2019 to when they were patched in iOS/iPadOS 13.0.5 released on 1/28/2020. Seems like there's room for improvement to reduce the exposure window like unbundling Safari update from iOS/iPadOS updates and make it independently updatable through app store like other apps.
 
On Macs, the green light would still come on if this exploit were used, correct?
I believe this is true, but would like to see it confirmed.

iPhone really needs a similar light. On the back camera this might be a bit of a problem with polluting the scene, especially in really low light.
 
Only exposed for one and a half months from the time the camera vulnerabilities were reported in mid 12/2019 to when they were patched in iOS/iPadOS 13.0.5 released on 1/28/2020. Seems like there's room for improvement to reduce the exposure window like unbundling Safari update from iOS/iPadOS updates and make it independently updatable through app store like other apps.
For some apps that makes sense but Safari (and WebKit) is so intertwined with the operating system that it's unlikely to be real feasible.
 
For some apps that makes sense but Safari (and WebKit) is so intertwined with the operating system that it's unlikely to be real feasible.

No other OSes force you to update the OS to update the browser. It's "design for obsolescence" so essential apps stop working when OS updates stop, then you have to buy a new device, rinse and repeat. You want Apple to start doing that with MacOS too?
 
good to have real hackers help catch hackers
good aapl is open to this
and trying to vet out confederates
reminds me of ww2 and cold war double agents
Slow down there, spy guy.

You have a gross misunderstanding of the situation. Apple is absolutely NOT building a team of hackers to “catch” other hackers (pretty wild imagination you got there... there’s literally nothing remotely intimating that in this or any other article).
The entirety of the situation is: Apple has a bug bounty program where rewards are given for identifying security risks & reporting them, so Apple can patch said exploits BEFORE bad actors can use them nefariously.

I do agree that it would at least be a more exciting world if it was the way you imagined- & these security researchers were given missions of going deep undercover within the blackhat community, aiding them in their exploits to gain their trust... finding the iOS hacking trail that leads to Dr. Evil and his minions, parachuting in w/guns blazing, etc.
Much more fun than the innocuous truth. =/
 
The iPhone needs a camera light hardwired to the camera itself just like the Mac so that exploits like this would at least be noticeable.

So only $75,000 for an exploit that can allow remotely accessing the camera on the Mac or iPhone? Then what in the hell is a $1,000,000 bounty for?
Something compromising on Tim.
 
Give this person the full $1mil.! A camera exploit (the ultimate privacy intruder) seems pretty big when it comes to a 'security flaw.'

There are some caveats to this exploit - it’s perhaps not as bad as some are imagining it to be.

Basically it allows a website to access the camera without popping up the permissions dialogue, if you have already granted camera permissions to another website.

However, it doesn’t override the camera icon which appears in the Safari URL bar when a website is accessing the camera. And of course, on a MacBook the camera LED will still illuminate if the camera is on.

So the bug is really with Safari’s permissions checking, not with the security of the camera itself.
 
Another reason why cameras should be covered when not in use.
cameras and microphones should have physical disconnection
Long ago smartphones used to have batteries that could be removed which was pretty much a physical disconnection. For manufacturers to offer some sort of physical disconnection is not all that difficult but they choose not to for their own reasons.
 
Sounds like it's not a camera hardware bug but rather 3 separate exploits (25K each) were used to trick Safari to open the camera.

But if it was a hardware bug, there would be a different story.
Another reason why cameras should be covered when not in use.

I wish we could say the same for our phones ... How did they get exempted?

In this day and age, I bet hackers would get the most info, not from Macs, but from phones because most people's personal info is there and connected to the cloud.
 