In short, Ryan explains that the vulnerability allowed malicious websites to masquerade as trusted websites when viewed on Desktop Safari (like on Mac computers) or Mobile Safari (like on iPhones or iPads). The cause of the bug is the feature on Apple browser which lets users permanently save their security settings on a per-website basis.
For successful exploit of the bug, the attacker tricked Apple into thinking a malicious website was actually a trusted one. It did this by exploiting a series of flaws in how Safari was parsing URIs, managing web origins, and initializing secure contexts.
You can read the full technical details about the bug from his blog.
For these all bugs, Apple rewarded Ryan $75,000 under Mac bounty program. And the hijacking of camera bug was considered into the Network Attack without User Interaction: Zero-Click Unauthorized Access to Sensitive Data.