Apple Pays Hacker $100,000 For Finding Major Security Vulnerability


Apple logo on Apple store.

In 2019, Apple announced a Sign in with Apple option for users who preferred not to share personal email addresses with the third-party apps and services they use on their devices. The feature, which was announced at WWDC as a way to protect user privacy, has since been compromised.

According to a report from iMore, security researcher Bhavuk Jain recently discovered a critical flaw within the feature on iOS devices. If exploited, the flaw would allow remote attacks from anyone looking to take over third-party app accounts, including Spotify, Dropbox, and Giphy, from unsuspecting victims. After finding the vulnerability, Jain reported it to Apple through the company’s bug bounty program, and he has been awarded $ 100,000 for his discovery.

Jain also broke down his findings in a blog post on his website.

“I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures,” he wrote.

Click here to continue and read more…


The Inquisitr

Comments

comments

Apple Pays Hacker $100,000 For Finding Major Security Vulnerability

log in

reset password

Back to
log in
Choose A Format
Personality quiz
Trivia quiz
Poll
Story
List
Meme
Video
Audio
Image
Free BoomBox WordPress Theme