• Apple Pays $100.5K Bug Bounty for Mac Webcam Hack

    From NewsKrawler@21:1/5 to All on Thu Feb 3 02:00:01 2022
    https://threatpost.com/apple-bug-bounty-mac-webcam-hack/178114/

    A researcher who showed Apple how its webcams can be hijacked via a
    universal cross-site scripting (UXSS) bug in Safari has been awarded what
    is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by the victim.

    This isn't the first time he's found bugs that let him hoodwink Apple's cameras: In 2020, he discovered vulnerabilities in the Safari browser that could be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras, just by convincing a target to click one malicious link.

    This time around, according to Pickren, he found a series of flaws - in
    Safari 15 and iCloud Sharing - that could again lead to unauthorized camera access, which would again allow an attack to be launched from a malicious
    site.

    But his more recent find is worse: It could also enable a shared iCloud document to "hack every website you've ever visited," he said, and could
    steal permissions to use multimedia - in other words, the microphone, camera and screensharing.

    Pickren reported that the same hack could result in an attacker gaining full access to a device's entire filesystem, by exploiting Safari's webarchive files, which are the files Safari creates as an alternative to HTML when it saves a website locally.

    Pickren submitted the bugs to Apple last July. The iPhone-maker patched the issues earlier this month and subsequently awarded the $100,500 bug bounty
    to Pickren.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)