
Researcher Claims Apple Paid $100,000 for ‘Sign in With Apple’ Vulnerability

June 1, 2020

The vulnerability was reported to the Cupertino-based tech giant in April and was found to impact third-party applications that used Sign in with Apple without additional security measures.

An attacker exploiting the vulnerability could have taken over user accounts on the affected third-party applications, regardless of whether the victim was using a valid Apple ID or not, security researcher Bhavuk Jain explains.

Sign in with Apple, the researcher explains, can authenticate a user either by using a JWT (JSON Web Token) or a code generated by the Apple server (which is then used to create a JWT).

Read More on Security Week