Security researcher Bhavuk Jain has landed a $100,000 payday after he reported a critical flaw in Apple’s sign-in system that could be exploited to access countless accounts on sites from Dropbox and Spotify to Airbnb.
In April, Jain discovered the vulnerability in “Sign in with Apple” – a single-sign-in service launched last year – which allows people to use their Apple account IDs to log into third-party apps. He sent his bug report to Cupertino through its bug bounty program, and at the weekend, with $100,000 in hand and Apple having patched the issue, he revealed details of the flaw.
You, Apple Mac fan. Put down the homemade oat-milk latte, you need to patch a load of security bugs, too
quick critical apple system
