An Indian security researcher, Bhavuk Jain, won a $100,000 bounty from Apple for finding a critical bug in Sign in with Apple. The bug, now patched, could have allowed hackers easy access to a user’s account. The 27-year-old developer revealed this in a blog post.
He claimed, “For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program.”
Apple has fixed the critical flaw and paid $100,000, which translates to Rs 75 lakh, as part of the Apple Security Bounty program. To recall, last year, in 2019, the company announced Sign in with Apple, which lets users sign in to third-party apps and websites using their Apple ID. It is said to be a more secure and more private sign-in than those of Google or Facebook. The company assures users that Sign in with Apple keeps their data safe, while other social sign-ins may collect users’ private information. This means users can sign up for apps and services anonymously without having to reveal their Apple ID.
However, Bhavuk Jain claimed that in April this year he found a zero-day in Sign in with Apple that affected third-party applications which were using it and had not implemented their own additional security measures. According to him, this could potentially have allowed hackers to fully take over a user’s account on such a third-party application, irrespective of whether the victim had a valid Apple ID or not. Sign in with Apple is supported by applications such as Dropbox, Spotify, Airbnb and Giphy.
“The Sign in with Apple works similarly to OAuth 2.0. There are two possible ways to authenticate a user by either using a JWT (JSON Web Token) or a code generated by the Apple server. The code is then used to generate a JWT.” The JWT contains the email ID, which the third-party app then uses to log in a user. He further identified that JWTs could be requested for any Email ID from Apple, and when the signature of these tokens was verified using Apple’s public key, they showed as valid. This means an attacker could forge a JWT by linking any Email ID to it and gain access to the victim’s account.
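A simplified model of the flaw described above, added here as an illustration and not code from Apple or from the researcher's post: it shows why a valid signature alone does not prove that the email in the token belongs to the person who requested it. It assumes the issuer signed whatever email the request named, and it uses an HMAC (HS256) key in place of Apple's public-key signature; all names (`issue_token_flawed`, `issuer.example`, the key) are hypothetical.

```python
import base64, hashlib, hmac, json

# Constructed demo key; HS256 stands in for the issuer's public-key signature.
ISSUER_KEY = b"constructed-demo-key"
ISSUER = "issuer.example"  # hypothetical issuer name

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict) -> str:
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps(claims).encode())
    mac = hmac.new(ISSUER_KEY, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{b64e(mac.digest())}"

def issue_token_flawed(session_email: str, requested_email: str) -> str:
    # Assumed flaw: the issuer signs whatever email the request names.
    return sign_jwt({"iss": ISSUER, "email": requested_email})

def issue_token_fixed(session_email: str, requested_email: str) -> str:
    # Fix: the email claim must match the authenticated session.
    if requested_email != session_email:
        raise PermissionError("email does not belong to this session")
    return sign_jwt({"iss": ISSUER, "email": requested_email})

def relying_party_login(token: str) -> str:
    # Third-party app: verify signature and issuer, then trust `email`.
    header, payload, sig = token.split(".")
    mac = hmac.new(ISSUER_KEY, f"{header}.{payload}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(payload))
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    return claims["email"]

if __name__ == "__main__":
    token = issue_token_flawed("attacker@example.com", "victim@example.com")
    print(relying_party_login(token))  # passes verification despite the mismatch
```

The relying party's checks are identical in both cases; only the issuer-side binding between the authenticated session and the `email` claim separates the flawed path from the fixed one.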
According to him, this vulnerability was quite critical as it could have allowed a full account takeover. When Apple learnt about the bug, it investigated its logs and determined there was no misuse or account compromise due to this vulnerability.