Published 16:29 IST, June 1st 2020

Apple pays $100,000 to Delhi-based hacker for ‘Sign in with Apple’ security issue

Apple paid a bug bounty of $100,000 to a Delhi-based researcher who pointed out a critical vulnerability in the “Sign in with Apple” account authentication.

Reported by: Kunal Gaurav

Apple paid a bug bounty of $100,000 to a Delhi-based security researcher who pointed out a critical vulnerability in “Sign in with Apple” account authentication. Apple had announced ‘Sign in with Apple’ in June 2019 to provide a more privacy-oriented option to log in to apps and websites than Facebook and Google accounts.

On May 24, Bhavuk Jain, a vulnerability researcher, took to Twitter to announce that he had received a confirmation mail of a $100,000 bug bounty. He also posted a snippet of the mail, which said Jain’s report qualifies for the Apple Security Bounty and the firm will reward him $100,000 for reporting the issue.

A week later, Jain shared details of the bug in a detailed blog post, saying the impact of the vulnerability was quite critical as it could have allowed full account takeover. He wrote that a lot of developers have integrated Sign in with Apple since it is mandatory for applications including Dropbox, Spotify, and Airbnb that support other social logins.

“This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not,” he added.

'No account compromised'

Jain said that though the applications were not tested, those could have been vulnerable to a full account takeover if there weren’t any other security measures in place while verifying a user. He added that Apple also did an investigation of their logs and determined there was no misuse or any account compromised due to this vulnerability.

HackerOne CEO Marten Mickos congratulated Jain for the “fantastic find”, saying everyone benefits if a vulnerability is found and fixed.

16:28 IST, June 1st 2020