
Indian techie flags vulnerability in Apple’s sign-in system, wins $100,000

By indianadmin

Jun 1, 2020 #sign-in, #system

  • Bhavuk Jain, a techie hailing from Delhi, has bagged a $100,000 (Rs. 75.50 lakh) bug bounty from Apple.

    Jain had flagged a critical security flaw in the Cupertino giant’s ‘Sign in with Apple’ system, an issue that, he says, could have allowed hackers to take complete control of accounts on third-party apps and services.

    Here is all you need to know about it.

  • First, a quick recap of ‘Sign in with Apple’

  • Back in June 2019, Apple debuted ‘Sign in with Apple’ as a ‘more private’ alternative to Facebook’s and Google’s quick social login options.

    The feature authenticated users through their Apple ID email and also offered an option to create a dummy email.

    Naturally, people liked the idea of signing in through Apple and not giving away their data to Google and Facebook.

  • So, what went wrong?


  • Months later, in 2020, Jain discovered that if a third-party app did not have its own security measures, an attacker could create an authentication token linked to any Apple ID email and have it verified as ‘valid’ using the company’s public key.

    This, he found, opened access to the target’s account on the app in question, even in cases where a dummy email was used.

  • Issue fixed through server-side changes

  • Following the discovery, Jain reported the issue to Apple and the company pushed a server-side update to patch it.

    The researcher claims that the Cupertino giant carried out an internal investigation of the issue and determined that the flaw had not been exploited to compromise any account on any app/website.

    After releasing the fix, Apple paid him the significant bug bounty.

  • Apple should have detected the flaw sooner


  • Though the issue has been mitigated, many are wondering
