Apple gives Indian man $1,00,000 for finding a vulnerability | BGR India

Apple rewards Indian man $1,00,000 for discovering zero-day vulnerability

Since Apple made it mandatory for apps that did not support third-party logins, many developers have made use of the “sign in with Apple” service for their apps. This is where the bug was discovered.

  • Published: May 31, 2020 5:39 PM IST

A new zero-day vulnerability was recently pointed out in Apple’s “sign in with Apple” authentication page. The man from Telangana, India now claims to have been paid $100,000 (about Rs 75 lakh) by the US-based tech giant under its Security Bounty program.

The vulnerability affects third-party apps that use Apple’s authentication, but do not have any security measures of their own. Once exploited, the vulnerability would allow attackers to take full control over user accounts on third-party applications.


Bhavuk Jain, the programmer, also added, as per a report by LiveMint, that Apple conducted an investigation of its logs after discovering the vulnerability and found that it had not been misused and that no accounts were compromised because of it. Jain further explains in his blog that the “sign in with Apple” function works similarly to OAuth 2.0, authenticating a user by using either a JWT or a code generated by Apple’s own server.

Jain discovered that attackers could actually forge a JWT by linking any Email ID to it and gain access to a user’s app account. The attackers could have requested JWTs for any Email ID from Apple. Further, when the signatures of these tokens were verified using Apple’s public key, they showed as valid.
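The toy model below is an added example, not Apple's code or anything from Jain's write-up. It shows why a valid signature did not help the third-party app: the signature proves only who issued the token, so the check has to happen when the token is issued. It assumes HS256 with a shared demo key as a stand-in for Apple's public-key signature, and every name, key and address in it is constructed.

```python
import base64, hashlib, hmac, json

IDP_KEY = b"constructed-demo-key"  # stand-in for the provider's signing key

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str) -> bytes:
    return hmac.new(IDP_KEY, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict) -> str:
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    return f"{head}.{body}.{b64(mac(head + '.' + body))}"

def issue_token_flawed(session_email: str, requested_email: str) -> str:
    # Flaw as the article describes it: the provider signs whatever email the
    # request names, without comparing it to the logged-in account.
    return sign({"iss": "idp.example", "email": requested_email})

def issue_token_fixed(session_email: str, requested_email: str) -> str:
    # Hardened issuer: the email claim must match the authenticated session.
    if session_email.lower() != requested_email.lower():
        raise PermissionError("email does not belong to this session")
    return sign({"iss": "idp.example", "email": session_email})

def relying_party_login(token: str) -> str:
    # Third-party app: verifies the signature, then trusts the email claim.
    head, body, sig = token.split(".")
    if not hmac.compare_digest(mac(head + "." + body), unb64(sig)):
        raise ValueError("bad signature")
    return json.loads(unb64(body))["email"]

def demo() -> dict:
    # Constructed accounts: the session belongs to mallory, the request names victim.
    token = issue_token_flawed("mallory@example.com", "victim@example.com")
    result = {"flawed_login_as": relying_party_login(token)}
    try:
        issue_token_fixed("mallory@example.com", "victim@example.com")
        result["fixed_issuer"] = "issued"
    except PermissionError:
        result["fixed_issuer"] = "refused"
    return result

if __name__ == "__main__":
    print(demo())
```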

Sign in with Apple

Since Apple made it mandatory for apps that did not support third-party logins, many developers have made use of the “sign in with Apple” service for their apps. The feature allows users to sign in to apps and websites by using their Apple IDs instead of their social media IDs.

The service became instantly popular. Unlike various third-party sign-ins, Apple’s authentication allowed users the option to not share their Email IDs, instead generating a random Email ID for them. This helped strengthen user privacy by making sure that the real Email IDs did not fall into the wrong hands. This also made users browsing through the web feel less exposed.
