Researcher Ryan Pickren identified a total of seven vulnerabilities in Apple’s Safari web browser, three of which can be exploited to spy on users through the camera and microphone of their iPhone, iPad or Mac computer. The attack only requires the targeted user to access a malicious website — no other interaction is needed.

Apple patched the vulnerabilities that allow hackers to spy on users in January, while the other flaws were fixed in March. Pickren said his exploit fell into the “Network Attack without User Interaction: Zero-Click Unauthorized Access to Sensitive Data” category in Apple’s bug bounty program. He earned $75,000 for his findings, but the top reward in this category is $500,000.