A group of hackers discovered seven vulnerabilities that affected the devices of the bitten apple and got in return 75.
According to a report by Forbes, Apple has paid the sum of $75,000 to a hacker as a reward for discovering seven serious security vulnerabilities, three of which allow you to take complete control of the camera on mobile devices and computers of the bitten apple.
iPhone, iPad and Mac are therefore hackable and someone, if they were aware of these vulnerabilities, in theory could spy on us by activating the camera. The vulnerabilities were discovered by Ryan Pickren, founder of the ethical hacker platform BugPoC, who reported them to Apple as per the company's "bounty program". The $75,000 is the reward for following the program's rules, avoiding leaking information about these bugs before Apple could find the solution. The amount is very high, compared to the average rewards of this kind of programs, a sign that the vulnerabilities discovered were many and very dangerous.
The vulnerabilities discovered
The serious bugs discovered by Pickren are seven, as said, but the most dangerous ones were the three that, if well exploited, allowed access to camera, video camera and even microphone of Apple devices. These are "zero-day" vulnerabilities, i.e., vulnerabilities that escaped the developers when writing the code and only came out later, all affecting the Safari browser. To access the camera it was necessary to use all three vulnerabilities, which is not easy but possible. Once "entered" in the photo/video camera it was possible to control its operation without the user noticing anything.
Apple has already fixed
As always happens with zero-day vulnerabilities communicated to software houses through bounty programs, also in this case the news came out when Apple had already plugged the flaws. The three camera-related vulnerabilities were fixed with the Safari update to version 13.0.5, released on January 28. The remaining zero-day vulnerabilities, which were deemed less serious, were fixed in the March 24 Safari 13.1 release. Any Apple device with Safari updated to version 13.1, therefore, is completely safe. But if you have an Apple device with an older version of Safari, then it's best to take immediate action by upgrading.