Developer scores $100,000 bounty from Apple for exposing a critical vulnerability
Apple ID bug would allow hackers to take control of a user’s account

Apple awarded $100,000 to Bhavuk Jain for identifying a security vulnerability in the "Sign in with Apple" feature found on some websites and third-party applications. Hackers could use the bug to take control of a user's account.
Apple's servers use a JSON Web Token, which can contain the user’s Apple ID email address, to verify a user account during the “Sign in with Apple” process.
Jain discovered he could request a JSON Web Token for a real Apple account, and Apple's signature on the token would verify each time. With only the email address connected to an Apple ID, a hacker could obtain a validated token and gain access to the account.
Apple reviewed server logs during the patching process and determined the flaw had not been exploited. Accounts using two-factor authentication are less likely to be vulnerable to this bug.
This type of hacking-for-pay is relatively common today. Apple and other tech companies use bounty programs to encourage white-hat hackers to uncover vulnerabilities in their software.
This lets companies patch flaws before they become public, at a fraction of the cost of responding to a breach after the fact. Companies pay the most substantial bounties for exposing serious vulnerabilities.