Hacker flags Safari vulnerabilities, wins Rs. 57 lakh from Apple

The ginormous "bug bounty" was awarded to former Amazon Web Services (AWS) security engineer Ryan Pickren.

He had looked at Apple's Safari ecosystem and discovered at least seven critical zero-day vulnerabilities posing a threat to the security of users.

However, instead of using them for attacks, he reported the bugs to the company, ensuring that they were fixed before anyone could exploit them.

Of the seven issues uncovered, three opened a way to hijack the camera and microphone of iPhones, iPads, and Macs.

The exact exploit has not been detailed, but the issues largely revolved around tricking the user into opening a malicious website, which, when opened, could access the camera if it had previously trusted video-conferencing platforms like Zoom and Skype.

Pickren says he had informed Apple about the vulnerabilities back in mid-December and the company was quick to issue the required fixes and release the reward.

The glitches were not disclosed until earlier this week, the researcher added, noting this is the first reward he has won under the bug bounty program that Apple recently expanded to accept entries for macOS issues.

Speaking to Forbes, Pickren stated, "A bug like this shows why users should never feel totally confident that their camera is secure, regardless of operating system or manufacturer."

He added, "I really enjoyed working with the Apple product security team when reporting these issues. The new bounty program is absolutely going to help secure products and protect customers."