Indian Security Researcher Wins Rs. 75 Lakhs For Finding Flaw In Apple Sign In

|

An Indian security researcher named Bhavuk Jain just received a huge check worth Rs. 75,00,000 ($100,000) from Apple under a bug bounty programme. He discovered a critical vulnerability in the sign-in process with Apple, here are the details.

Indian Security Researcher Wins Rs. 75 Lakhs For Finding Flaw

 

According to the reports, the vulnerability would allow hackers to log in to the user's account who used Apple's sign in with apple feature for authentication. This is now considered as a zero-day vulnerability and the company has already fixed the issue. Before fixing the issue, Apple did investigate the case to ascertain if there were any misuse of this bug and found none.

A zero-day vulnerability is something that has zero days gap between the time of vulnerability discovered and the first attack. And now, it looks like this susceptibility has not been misused by anyone. This bug could have caused major cybercrime, where Apple users could have had lost their control over apps and services like Facebook, Spotify, Dropbox, Giphy, and Airbnb.

A user can authenticate using Sign up with Apple by using JWT (JSON Web Token) or a code generated by the Apple server, which was again used to generate JWT. In the second step of the process, a user has an option to share or not to share Apple ID with the app developer.

If a user chose the second option, the system would automatically generate another user-specific Apple relay ID. The JWT code generated by Apple contains this email ID, which can be used to login to an app. Not just that, Jain also found out that the JWTs can be requested to any email ID and when the signature was verified by Apple's public key.

This feature would allow an attacker to forge JWT by linking the e-mail ID letting access to a user account without actually having the credentials, which could lead to a full account takeover. The company resealed Sign-up with Apple feature in 2019 to offer more discreet login option to third-party apps. A lot of apps have opted for this feature, offering users an easy sign-up process.

 

Bhavuk Jain in a statement said that "the bug could have resulted in a full account takeover of user accounts on that third-party application irrespective of a victim having a valid Apple ID or not and Apple paid $100,000 under Apple Security Bounty program". Jain is a full-stack mobile application developer by profession and a full-time bug-bounty hunter, trying to make the internet a safer place for everyone.

Via

Most Read Articles
Best Mobiles in India

Read More About: apple news security

Best Phones

Get Instant News Updates
Enable
x
Notification Settings X
Time Settings
Done
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X
We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Gizbot sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Gizbot website. However, you can change your cookie settings at any time. Learn more
X