Security researcher gets $100,000 Apple bounty for ‘Sign in with Apple’ bug

Victor Barreiro Jr.


Because of Bhavuk Jain's report, Apple was able to fix the sign-in bug quickly. Apple told him it had investigated its logs and found 'no misuse or account compromise due to this vulnerability.'

MANILA, Philippines – Apple paid Indian security researcher Bhavuk Jain $100,000 for reporting a bug he found back in April in the company’s “Sign in with Apple” feature. The bug would have allowed a remote attacker to take over another person’s account by bypassing authentication.

The Sign in with Apple feature lets users sign up for accounts on third-party apps without disclosing their Apple IDs, which take the form of their email addresses.

Speaking with The Hacker News, Jain explained that the vulnerability stemmed from the way Apple validated a user on the client side before initiating a request to Apple’s authentication servers. According to Jain, the server then creates a JSON Web Token (JWT) holding the information the third-party app uses to confirm the identity of the user signing in.

Jain explained in his May 30 blog post that he “could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid. This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account.”

According to Jain, this was a critical vulnerability, as it allowed a full account takeover.
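The flaw described above sits at token issuance, not at token verification: a third-party app that checks the JWT correctly still accepts it, because the token really is signed by the identity provider. The following toy model, added here as an illustration and not code from Jain's write-up or from Apple, shows a token endpoint that copies the requested email into the token (the behaviour the article describes) beside a corrected endpoint that only issues a token for the email bound to the authenticated session, plus the relying-party checks a third-party app should perform. Apple signs identity tokens with RS256 and publishes its public keys; an HMAC-SHA256 key is assumed instead so the example runs on the standard library alone, and the session table, client ID and email addresses are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values. A shared HMAC key stands in for Apple's RS256 key pair so the
# example needs no third-party library; the verification logic is otherwise the same.
ISSUER_KEY = b"constructed-issuer-signing-key"
ISSUER = "https://appleid.apple.com"       # 'iss' claim carried by Apple identity tokens
CLIENT_ID = "com.example.relyingparty"     # constructed 'aud': the third-party app's client ID
TOKEN_LIFETIME = 600                       # seconds until 'exp'

# Constructed authenticated sessions: session ID -> Apple ID (email) that logged in.
SESSIONS = {"session-alice": "alice@example.com"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Build a compact JWT (header.payload.signature) signed with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def identity_claims(email: str) -> dict:
    return {"iss": ISSUER, "aud": CLIENT_ID, "email": email,
            "exp": int(time.time()) + TOKEN_LIFETIME}


# --- identity provider side: the token endpoint ---

def issue_token_vulnerable(session_id: str, requested_email: str) -> str:
    """Models the reported flaw: the caller is authenticated, but the email placed in
    the token comes from the request rather than from the session, so one valid
    session can obtain a genuinely signed token naming any email."""
    if session_id not in SESSIONS:
        raise PermissionError("not authenticated")
    return sign_jwt(identity_claims(requested_email), ISSUER_KEY)


def issue_token_fixed(session_id: str, requested_email: str) -> str:
    """Corrected behaviour: the email in the token must be the one bound to the
    authenticated session; anything else is refused before signing."""
    session_email = SESSIONS.get(session_id)
    if session_email is None:
        raise PermissionError("not authenticated")
    if requested_email != session_email:
        raise PermissionError("requested email does not match the authenticated user")
    return sign_jwt(identity_claims(session_email), ISSUER_KEY)


# --- relying party side: what the third-party app checks ---

def verify_token(token: str, key: bytes, now=None) -> dict:
    """Validate structure, algorithm, signature, issuer, audience and expiry.
    Returns the claims on success, otherwise an empty dict. These checks are
    necessary for the app, but they cannot detect the issuance flaw above: a token
    minted for the wrong email is still a correctly signed token from the issuer."""
    parts = token.split(".")
    if len(parts) != 3:
        return {}
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except (ValueError, UnicodeDecodeError):
        return {}
    # Pin the expected algorithm; never let the token's own 'alg' (e.g. "none")
    # select a weaker verification path.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return {}
    expected = hmac.new(key, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return {}
    if not isinstance(claims, dict):
        return {}
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        return {}
    current = time.time() if now is None else now
    if not isinstance(claims.get("exp"), int) or current >= claims["exp"]:
        return {}
    return claims


if __name__ == "__main__":
    good = issue_token_fixed("session-alice", "alice@example.com")
    print("fixed endpoint, own email:", verify_token(good, ISSUER_KEY).get("email"))
    try:
        issue_token_fixed("session-alice", "victim@example.com")
    except PermissionError as err:
        print("fixed endpoint, other email:", err)
```

The point the model makes is that the relying party's verifier is doing everything right and still accepts the token from the flawed endpoint, which is why the fix had to land on the issuer's side; third-party apps had nothing to patch.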

Because he reported the bug, Apple was able to fix it quickly, and the company told Jain they investigated their logs and found “no misuse or account compromise due to this vulnerability.” – Rappler.com

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.