Apple Pays Hacker Who Found Seven Zero-Days $75,000

Dramatic interpretation of a hacker plying his trade

Apple paid hacker Ryan Pickren $75,000 via its bug bounty program (via Forbes). The former Amazon Web Services engineer found seven zero-day vulnerabilities and used three of them to hijack an iPhone’s camera.

During December 2019, Pickren decided to put the notion that “bug hunting is all about finding assumptions in software and violating those assumptions to see what happens” to the test. He opted to delve into Apple Safari for iOS and macOS, to “hammer the browser with obscure corner cases” until weird behavior was uncovered… To cut a very long and technical story short: Pickren found a total of seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787) of which three could be used in the camera hacking kill chain.

Check It Out: Apple Pays Hacker Who Found Seven Zero-Days $75,000

One thought on “Apple Pays Hacker Who Found Seven Zero-Days $75,000

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WIN an iPhone 16 Pro Max!