Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Macbook. Show all posts

Apple Awards Bounty of $100,500 for Finding Flaws in MacBook

In 2021, Apple patched a set of MacOs vulnerabilities exposing the Safari browser to attack and letting threat actors hack users' online accounts, cameras, and mic. Cybersecurity expert Ryan Pickren, who found these vulnerabilities and reported back to company Apple, was given a $100,500 bug bounty, considering the critical scale of the vulnerabilities. These bugs exploit a set of security issues with iCloud sharing and Safari 15. 

It allows the hacker to control multimedia permissions and gain full access to all sites that the user has opened using the Safari browser. It also includes Gmail, iCloud, PayPal, and Facebook accounts. The problem is primarily concerned with ShareBear, it is an iCloud file-sharing platform that prompts users to open a shared document. Pickren noticed that the prompt doesn't ask the user to open a file after a user opened it once. 

Pickren concluded that this can allow a threat actor to play with the file's components if he has access to the files. "ShareBear will then download and update the file on the victim's machine without any user interaction or notification. 

In essence, the victim has given the attacker permission to plant a polymorphic file onto their machine and the permission to remotely launch it at any moment," explains Pickren in his writeup. In simpler terms, a .PNG format image file can have all its content and extension converted into an executable binary ("evil.dmg") once the user has opened the file. 

After this, one can launch the binary, which triggers exploit chain vulnerabilities that influence extra bugs found in Safari to control a system's mic and camera and steal local files stored in the device. It is not the first time Pickren disclosed bugs in iOS and macOS that allows a threat actor to gain access to a system and control its commands. 

The unauthorized access is gained when the victim opens a certain file type. He says "this project was an interesting exploration of how a design flaw in one application can enable a variety of other, unrelated, bugs to become more dangerous."