Indian Developer Grabs $100,000 For Reporting ‘Sign in with Apple’ Flaw

  • Charanjeet Singh
  • June 1, 2020

Sign in with Apple is similar to other app login options such as “Sign in with Google” or Facebook; however, the difference is that Apple’s single sign-on offering is more private and even allows users to mask their email ID.

But Apple’s login method was harboring a severe zero-day vulnerability that could have resulted in hackers taking over user accounts.

The bug was spotted back in April by an Indian developer, Bhavuk Jain, who received a whopping $100,000 bug bounty for reporting it. Thankfully, Apple has patched the vulnerability and says no accounts have been compromised.

According to Jain, the bug was specific to third-party apps, i.e., it only affected people who tried using “Sign in with Apple” in a third-party app.

Jain explains in his blog post that the Apple login method authenticates a user either via a JWT (JSON Web Token) or a code generated by Apple’s server. However, Jain noted that attackers could have forged a token linked to any email, and that token would have passed verification with Apple’s public key.

If the bug hadn’t been discovered, a hacker could have enjoyed a “full account takeover” despite a user masking their email.

“The impact of this vulnerability was quite critical as it could have allowed a full account takeover. Many developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins. To name a few that use Sign in with Apple – Dropbox, Spotify, Airbnb, Giphy,” Jain told The Hacker News.

Apple introduced “Sign in with Apple” back in 2019 and brought the feature along with iOS 13. The best part about the feature is that a user can control the amount of data to be shared with an app.
