An Indian security researcher found a critical ‘Sign in with Apple’ bug which allowed any potential hacker to hijack any Apple account, got $100,000 bug bounty from Apple
It looks great when your coding knowledge pays handsome rewards. This happened to an Indian security researcher, Bhavuk Jain, who collected a whopping $100,000 bug bounty from Apple for discovering a highly critical vulnerability affecting its ‘Sign in with Apple’ system.
Jain discovered the critical Sign in with Apple vulnerability last month. It allowed a potential hacker to manipulate the JSON Web Token (JWT) issued by Sign in with Apple and hijack any user’s account. Sign in with Apple is a login mechanism used by many third-party apps to let users access them with their Apple login.
Nowadays most apps offer access to their services and games via Facebook and Google accounts. Apple joined the fray last year when it announced the ‘Sign in with Apple’ feature for third-party apps during WWDC. Since then it has been used by many third-party apps to offer their services via Apple ID login, and it allows users to log in without disclosing their actual email addresses.
Jain found that Sign in with Apple works by authenticating a user through a JWT (JSON Web Token) or a code generated by Apple’s server. The code is then used to generate a JWT.
Jain found he could request JWTs for any email ID from Apple, and when the signature of these tokens was verified using Apple’s public key, they showed as valid. This means a potential hacker could easily obtain a JWT linked to any email ID and gain access to that victim’s account. The impact of this vulnerability was quite critical, as it could have allowed a full account takeover.
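The flaw described above is notable because the tokens were genuinely signed by Apple, so a relying party that only checked the signature had no way to tell them apart from legitimate ones. The following is an added example, not code from the article or from Apple, showing how a third-party app's server would validate an identity token (signature, `iss`, `aud`, `exp`) and then map it to a local account by the stable `sub` identifier rather than by the `email` claim. Apple signs identity tokens with RS256 and publishes its public keys; to run offline with only the standard library, this example substitutes an HMAC secret as the signing key, and the audience value, the account records and the `sub` strings are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time

# Issuer value Apple uses for its identity tokens; the remaining constants
# below are constructed for this example.
APPLE_ISSUER = "https://appleid.apple.com"

# Stand-in for the verification key. Apple uses RS256 with published public
# keys; an HMAC secret is used here only so the example runs offline.
DEMO_KEY = b"constructed-demo-signing-key"
# The app's client_id, which must appear in the token's 'aud' claim (assumed).
DEMO_AUDIENCE = "com.example.relyingparty"

# Constructed local account store, keyed by the 'sub' Apple assigns per user.
ACCOUNTS_BY_SUB = {
    "001234.victim-sub.0001": {"user_id": 42, "email": "victim@example.com"},
}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build a compact JWT signed with the demo key (simulates the issuer)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_identity_token(token: str, audience: str, key: bytes = DEMO_KEY, now=None) -> dict:
    """Verify signature and mandatory claims; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it (rejects 'none' etc.).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != APPLE_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("token issued for a different app")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ValueError("missing subject")
    return claims


def token_is_rejected(token: str, audience: str, now, key: bytes = DEMO_KEY) -> bool:
    """Convenience wrapper: True if verification raises, False if it passes."""
    try:
        verify_identity_token(token, audience, key, now)
    except ValueError:
        return True
    return False


def resolve_account(claims: dict, accounts_by_sub: dict = ACCOUNTS_BY_SUB):
    """Map a verified token to a local account by 'sub' only.

    The 'email' claim is deliberately not a lookup key: a token can be validly
    signed and still carry an email address that the token holder does not own.
    """
    return accounts_by_sub.get(claims["sub"])


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the demo is reproducible
    base = {"iss": APPLE_ISSUER, "aud": DEMO_AUDIENCE, "exp": now + 600}
    legit = mint_token({**base, "sub": "001234.victim-sub.0001", "email": "victim@example.com"})
    other = mint_token({**base, "sub": "009999.other-sub.0002", "email": "victim@example.com"})
    print("legit token ->", resolve_account(verify_identity_token(legit, DEMO_AUDIENCE, now=now)))
    print("same email, different sub ->", resolve_account(verify_identity_token(other, DEMO_AUDIENCE, now=now)))
```

The second token in the demo passes every signature and claim check, yet it does not resolve to the victim's account because the lookup ignores the email claim; that is the property a relying party wants when the identity provider itself can be induced to issue a token for an address the requester does not control.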
Jain informed Apple about the vulnerability, and Apple acknowledged it as highly critical. It also told Jain that the vulnerability had not been exploited in the wild. Apple patched the vulnerability last week and awarded Jain a handsome $100,000 bug bounty under its Apple Security Bounty Program.