Bug in ‘Sign in with Apple’ could have allowed account hijacking

The tech giant rewards the bug bounty hunter who found the severe flaw in its login mechanism with US$100,000

A bug bounty hunter has disclosed a severe flaw in Apple’s “Sign in with Apple” feature that, if exploited, could have allowed an attacker to hijack people’s accounts on major third-party services. According to Bhavuk Jain, any accounts on third-party apps and websites that used the authentication method but did not implement any additional security measures of their own were at risk.

Jain discovered the bug in April and reported it to Apple, which rewarded him with US$100,000 under the company’s Security Bounty program. The Indian bug bounty hunter said that Apple investigated its logs and found no records of any account compromise or misuse stemming from the vulnerability. The bug has since been patched, although Apple has yet to comment publicly on Jain’s findings.

Here’s my first 6 digit bounty from @Apple. Blog post will be up next week. #bugbounty

— Bhavuk Jain (@bhavukjain1) May 24, 2020

Jain notes that there are two ways “Sign in with Apple” authenticates users: either directly with a JSON Web Token (JWT), or with a code generated by Apple’s servers that is then used to obtain a JWT. When signing in, the user then has the option to e ..