Leading tech companies have always worked hard on their security programs. Every now and then, these tech giants hire people to purposely find bugs so that they can fix them before a malicious hacker gets wind of them.
Recently, an Indian security researcher, Bhavuk Jain, received $100,000 (Rs 75.5 lakhs) from Apple for discovering a highly critical vulnerability affecting its ‘Sign in with Apple’ system.
The Zero-Day vulnerability could have allowed a hacker to break into the account of an Apple user who logs into third-party apps like Dropbox, Spotify, Airbnb, and Giphy (now acquired by Facebook) and more.
Though the vulnerability existed on the Apple side of the code, the researcher said it’s possible that some services and apps offering ‘Sign in with Apple’ to their users might have already been using a second factor of authentication that could mitigate the issue for their users.
The tech company’s ‘Sign in with Apple’ feature was launched in 2019. It was introduced as a privacy-preserving login mechanism that allows users to sign up for an account with third-party apps without disclosing their actual email addresses, which many also use as their Apple ID.
Bhavuk disclosed the flaw to Apple last month, which led to an award from Apple’s bug bounty program. Apple has since patched the bug.
Bhavuk, who holds a bachelor’s degree in electronics and communication, discovered the Zero-Day bug in ‘Sign in with Apple’, which affected third-party applications that were using it and didn’t implement their own additional security measures.
In a statement, Bhavuk said, “This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”
Bhavuk is a full-stack developer interested mostly in mobile app development using React Native. He is currently a full-time bug bounty hunter. He has dedicated his career to making the internet a safer place for all of us.