
Apple introduced “Sign in with Apple” with iOS 13, alongside other major features such as “Deep Fusion”, a powerful photo editor, and the popular “Dark Mode”. Unlike those, “Sign in with Apple” was primarily a privacy-focused feature. However, Bhavuk Jain, an Indian developer with a BSc. degree in Electronics and Communication, found a zero-day vulnerability in the “Sign in with Apple” account authentication system. He reported it to Apple, and the company rewarded him heavily for it.

This zero-day vulnerability allowed hackers to take control of a user’s account in third-party apps like Spotify, Giphy, Dropbox, and Airbnb.

Apple introduced “Sign in with Apple” to hide a user’s personal email ID when signing in to an app or service. It generates a unique ID for the user that third-party apps can use to authenticate, and emails sent to that ID are redirected to the user’s personal ID.

However, Jain noticed that a bug in the feature’s verification system was showing any email ID as “valid” when a user signed in with “Sign in with Apple”.

“This bug could have resulted in a full account takeover of user accounts on third-party apps irrespective of a victim having a valid Apple ID or not”, says Jain.

After spotting the vulnerability, Jain reported it to Apple via the company’s Security Bounty Programme. Apple, in turn, awarded the 27-year-old developer $100,000 (~Rs 75,57,350).

“For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty programme”, Jain announced.
