Apple paid hacker Ryan Pickren $75,000 via its bug bounty program (via Forbes). The former Amazon Web Services engineer found seven zero-day vulnerabilities and used three of them to hijack an iPhone’s camera.
During December 2019, Pickren decided to put the notion that “bug hunting is all about finding assumptions in software and violating those assumptions to see what happens” to the test. He opted to delve into Apple Safari for iOS and macOS, to “hammer the browser with obscure corner cases” until weird behavior was uncovered… To cut a very long and technical story short: Pickren found a total of seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, and CVE-2020-9787), of which three could be used in the camera-hacking kill chain.