An enormous security gap was discovered by a bug bounty hunter in India that cost Apple a round sum of $100,000 from its special “Apple Bug Bounty Fund”.
The bug, which due to its magnitude should more appropriately be deemed a titan beetle, had to do with the popular ‘Sign In With Apple’ feature.
Zero-day in Sign in with Apple – bounty $100k https://t.co/9lGeXcni3K
— Bhavuk Jain (@bhavukjain1) May 30, 2020
The feature is available on a variety of websites and apps. It allows users to sign in using their Apple ID, which in theory would have provided them with a higher level of security. ‘Sign In With Apple’ essentially lets Apple users create and log into accounts on a wide range of platforms whilst allegedly benefiting from the fact that their personal details are better shielded.
But as it turns out, nothing could be further from the truth.
What the bug bounty hunter from India revealed was that basically anyone in possession of your email address could also gain access to said personal details. And all it would take was a basic request to the Apple ID servers, which would in turn send a token.
This token would then be verified by the Apple ID servers, and with that anyone would be instantly granted access to any account linked to your Apple ID.
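A simplified model of the flaw described above, added here as an illustration. It is not Apple's code, and the signing key, account names and function names are all hypothetical. It shows why signature checking at the third-party site cannot catch the problem and why the fix belongs at the token issuer.

```python
import base64
import hashlib
import hmac
import json

IDP_KEY = b"constructed-demo-key"  # stand-in for the provider's signing key

# Constructed sample data: emails each signed-in account has proven it owns.
VERIFIED_EMAILS = {
    "alice": {"alice@example.com"},
    "mallory": {"mallory@example.com"},
}

def _sign(payload: bytes) -> str:
    return hmac.new(IDP_KEY, payload, hashlib.sha256).hexdigest()

def _make_token(email: str) -> str:
    body = base64.urlsafe_b64encode(json.dumps({"email": email}).encode())
    return body.decode() + "." + _sign(body)

def issue_token_unchecked(session_user: str, requested_email: str) -> str:
    """Flawed issuer: signs whatever email the request names."""
    return _make_token(requested_email)

def issue_token_checked(session_user: str, requested_email: str) -> str:
    """Hardened issuer: the email must belong to the authenticated session."""
    if requested_email not in VERIFIED_EMAILS.get(session_user, set()):
        raise PermissionError("email is not bound to the authenticated account")
    return _make_token(requested_email)

def relying_party_login(token: str) -> str:
    """Third-party site: checks the signature, then trusts the email claim."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))["email"]
```

With the unchecked issuer, a token naming someone else's email still carries a valid signature, so the relying party accepts it; the checked issuer refuses to mint it in the first place.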
The bounty hunter who detected the bug is actually well-known and respected in the industry. His name is Bhavuk Jain, and this certainly wouldn’t be the first security issue he identified. Jain has previously found issues with social media giants Facebook, Pinterest and even Google.
Thankfully, however, since the issue was reported and since Jain received his bounty, Apple was quick to act on the problem and fix it. You can find more about the security vulnerability here.