SECRY – CVE-2022-32947 – In 2022, a VTuber named Asahi Lina was reported to have discovered a critical security vulnerability in the GPU driver of the macOS operating system, identified as CVE-2022-32947, and received a bug bounty reward from Apple Security. We first learned about this on Facebook in October 2023 and immediately began to investigate. Here’s what we found.
What is CVE-2022-32947, and How Did Asahi Lina Discover It?
In short, according to a video and a short statement by Asahi Lina, this vulnerability was discovered while she was livestreaming. At that time, she was experimenting with Apple’s GPU on macOS, and she unintentionally realized that she could overwrite system memory, gaining root access.
Without delay, she reported the vulnerability to Apple Security and received a reward. Several months later, her name and username were officially included in the credits or Hall of Fame on the apple.com website for her discovery of a critical security vulnerability in macOS, iOS, and other systems: https://support.apple.com/en-us/HT213488
The full explanation and details of this vulnerability are available in a livestream video from one month ago.
Who Is Asahi Lina?
Asahi Lina, who goes by the username @LinaAsahi or @AsahiLina, is known for regularly conducting livestreams and uploading content on YouTube. Based on our observations, as of now, the YouTube channel @AsahiLina has reached approximately 23.1 thousand subscribers.
Through our research, we also discovered that Asahi Lina is a developer and the creator of Asahi Linux OS. It’s no surprise that, upon visiting her YouTube channel, you’ll find that most of her video and livestream content revolves around app programming, Linux programming, assembly language, reverse engineering, and operating systems.
The majority of her content delves into reverse-engineering experiments and discussions about programming applications and machines in Apple software and hardware, such as macOS.
There is no exact information regarding the bug bounty reward amount from Apple for CVE-2022-32947, which Asahi Lina discovered. However, after briefly watching Asahi Lina’s livestream from one month ago with VTuber Cyan, which runs “3:11:53” and in which they thoroughly discussed the bug and how she found it, we discovered that the total reward amounted to $150,000. In addition to the monetary reward, Asahi Lina was also honored as the first VTuber to report a bug in macOS and win a bounty for her discovery.