Ryan Pickren, a former security engineer at Amazon Web Services, has reported to Apple on a flaw he discovered on the company’s Mac webcams that allows threat actors to gain access to every website a victim has ever visited, for which he was awarded a $100,500 bounty, according to Threatpost.
Pickren pointed to a flaw in the ShareBear iCloud file-sharing app that only prompts users trying to open a shared document the first time they attempt to do so, meaning attackers with access to the shared file can modify the file’s contents after the user has confirmed access.
“ShareBear will then download and update the file on the victim’s machine without any user interaction or notification. In essence, the victim has given the attacker permission to plant a polymorphic file onto their machine and the permission to remotely launch it at any moment,” Pickren said.
Attackers could then change a .PNG format file into an executable binary, which triggers an exploit chain using several other Safari vulnerabilities to allow them to hijack the device’s webcam or microphone as well as steal local files.