Home Hacking News Researcher Discovers Critical Vulnerability and Was Awarded $100,000
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Researcher Discovers Critical Vulnerability and Was Awarded $100,000

by Abeerah Hashim
written by Abeerah Hashim
Sign in with Apple vulnerability

Heads up Apple users! A researcher found a vulnerability that allowed for an attacker to hack accounts simply via email. The vulnerability existed in the “Sign in with Apple” feature, that Apple has now fixed.

Vulnerability In “Sign In With Apple” Feature

Reportedly, security researcher Bhavuk Jain caught a serious bug threatening Apple users. Jain has shared the details of his findings in a blog post.

Briefly, he found a zero-day vulnerability in the “Sign in with Apple” feature. Exploiting the bug could let an adversary take over any account without having the victim to have a valid Apple ID.

The bug existed in how Apple’s Sign-in feature worked with third-party apps. Usually, the feature allows users to share their Apple email IDs with the apps. However, if a user doesn’t want that, Apple generates an Apple relay Email ID from its end for the user.

Following authorization, Apple generates JSON web token (JWT) using the same relay Email ID to let the user login to the third-party app. That’s where the bug existed. Due to a lack of validation, anyone could request the JWT with any Email ID.

As stated by the researcher,

I found I could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid. This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account.

Since the bug existed in this main feature, it virtually affected all third-party applications that offered this option. These apps include popular services as well, such as Airbnb, Spotify, Dropbox, and Giphy.

Apple Paid A Huge Bounty

Though, the researcher has not shared a specific timeline of events involved in this bug disclosure he did however reveal that he found the bug in April.

Upon discovering the vulnerability, the researcher reached out to Apple to report the flaw. Following his report, Apple worked on a fix for this bug. Also, they made sure no active exploitation of the flaw after going through their logs.

Moreover, they also awarded a bounty of $100,000 to Jain for discovering and responsibly disclosing the bug.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses