Indian dev bags $100,000 for reporting a critical flaw in ‘Sign in with Apple’: Report | HT Tech

Indian dev bags $100,000 for reporting a critical flaw in ‘Sign in with Apple’: Report

The zero-day flaw in ‘Sign in with Apple’ system could have allowed hackers to gain full control of user accounts on a specific third-party app.

By: HT TECH
| Updated on: May 31 2020, 13:00 IST
'Sign in with Apple' flaw could have allowed attackers take over accounts
'Sign in with Apple' flaw could have allowed attackers take over accounts (Pixabay)

Bhavuk Jain, a New Delhi-based developer, says he has received $100,000 under Apple's bug bounty programme for finding a critical security loophole in the company's ‘Sign in with Apple' system.

Jain in a blog post said that he had discovered the zero-day bug in the 'Sign in with Apple' systems that were used by the third-party applications and didn't have additional security measures in place.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
34% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

The critical flaw could have allowed hackers to gain control of user accounts on that specific third-party app. This could have happened regardless the user has a valid Apple ID or not, he added.

Also read
Looking for a smartphone? To check mobile finder click here.

Apple is said to have already fixed the flaw. According to Jain, Apple has also determined that the flaw was not exploited by hackers.

“…A lot of developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins. To name a few that use Sign in with Apple - Dropbox, Spotify, Airbnb, Giphy (Now acquired by Facebook). These applications were not tested but could have been vulnerable to a full account takeover if there weren't any other security measures in place while verifying a user,” wrote Jain in the blog post.

Apple had launched ‘Sign in with Apple' login system in June last year. Touted as a more secure way of signing up with third-party platforms, Apple allows users to give select details such as name and email address. The information is protected by the company's Face ID 3-D login system on iPhones and iPads.

Users have more flexibility in terms of what information they want to share. One of the highlights is randomised email addresses so that third-party apps or anyone else don't find the real email IDs of users.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 31 May, 11:47 IST
NEXT ARTICLE BEGINS