American student hacked Mac, and Apple paid him a record $100.5 thousand for it

By: Elena Shcherban | 26.01.2022, 18:01

American student Ryan Pickren, who studies cybersecurity and previously found vulnerabilities in the iPhone and Mac cameras, managed to hack a Mac and was rewarded by Apple for reporting it.

For what?

The vulnerability Pickren discovered stems from a chain of problems in Safari and iCloud, and he says Apple has already fixed it. Before the fix, the flaw could have given an attacker full access to all of a victim's web accounts, from iCloud to PayPal, as well as permission to use the microphone, camera, and screen sharing. As a result, the attacker could have gained full access to the device's entire file system.

As Ryan explains, this is possible through Safari's "webarchive" files, the format the browser uses to save local copies of websites. "The striking feature of these files is that they specify the web origin in which the content should be rendered. This is a great trick to let Safari restore the context of the saved website, but as the authors of Metasploit pointed out back in 2013, if an attacker can somehow modify this file in some way, it can effectively achieve UXSS [Universal Cross-Site Scripting]."

To exploit this, the user would need to download the webarchive file and then open it. Apple did not consider this a realistic attack scenario when it first implemented webarchives in Safari. "Of course, this decision was made almost ten years ago, when the browser security model was not yet as mature as it is today. Prior to Safari 13, the user was not even shown any warning before a website downloaded arbitrary files. So dropping a webarchive file was easy," Pickren notes.
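To make the point about the declared origin concrete from a defender's side, here is an added triage script (not from the article, and not Pickren's own research code) that parses a Safari webarchive with Python's plistlib and reports which origin the file declares for its main resource and whether that resource carries inline script. It assumes the documented webarchive layout (a binary property list whose `WebMainResource` dictionary holds `WebResourceURL` and `WebResourceData`); the archive it builds for demonstration is constructed, and `example.invalid` is a placeholder origin.

```python
import plistlib
from urllib.parse import urlsplit

# Assumed webarchive layout: a binary plist with a WebMainResource dict
# (WebResourceURL, WebResourceMIMEType, WebResourceData, ...) and an
# optional WebSubresources array.  Keys are taken from Safari's format.


def build_sample_webarchive(url: str, html: str) -> bytes:
    """Construct a minimal webarchive for testing (constructed sample, not a real capture)."""
    archive = {
        "WebMainResource": {
            "WebResourceURL": url,
            "WebResourceMIMEType": "text/html",
            "WebResourceTextEncodingName": "UTF-8",
            "WebResourceFrameName": "",
            "WebResourceData": html.encode("utf-8"),
        },
        "WebSubresources": [],
    }
    return plistlib.dumps(archive, fmt=plistlib.FMT_BINARY)


def parse_webarchive(data: bytes) -> dict:
    """Decode the plist and return the main-resource dict, or raise ValueError."""
    try:
        archive = plistlib.loads(data)
        main = archive["WebMainResource"]
        main["WebResourceURL"]  # must be present for the origin check below
    except Exception as exc:  # malformed plist or missing keys
        raise ValueError("not a recognisable webarchive") from exc
    return main


def declared_origin(data: bytes) -> str:
    """Origin (scheme://host[:port], lowercased) the archive asks Safari to render in."""
    parts = urlsplit(parse_webarchive(data)["WebResourceURL"])
    return f"{parts.scheme}://{parts.netloc}".lower()


def triage(data: bytes, watched_origins: set[str]) -> dict:
    """Summarise why a downloaded webarchive deserves attention.

    A file that declares an origin you care about (mail, cloud storage,
    payment sites) and ships its own inline script is exactly the shape a
    tampered archive would have; that combination is flagged for review.
    """
    main = parse_webarchive(data)
    origin = declared_origin(data)
    body = main.get("WebResourceData", b"").decode("utf-8", errors="replace").lower()
    has_script = "<script" in body
    watched = origin in {o.lower() for o in watched_origins}
    return {
        "origin": origin,
        "declares_watched_origin": watched,
        "has_inline_script": has_script,
        "review": watched and has_script,
    }


if __name__ == "__main__":
    sample = build_sample_webarchive(
        "https://example.invalid/account", "<html><script>/* constructed */</script></html>"
    )
    print(triage(sample, {"https://example.invalid"}))
```

Run it over the `.webarchive` files in a Downloads folder and the `origin` field alone shows which site each file will be rendered as, which is the property the quoted explanation above turns on; the `review` flag is a heuristic, since a legitimately saved page from a watched site may also contain script.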

Apple did not comment on the research, but it is known that the student was paid $100,500 under Apple's bug bounty program. This is reportedly Apple's largest payout to date, although the program's official maximum reward is $1 million.

Source: AppleInsider