Researcher lands $100,000 reward for ‘Sign in with Apple’ authentication bypass bug

Apple has awarded a bug bounty hunter $100,000 for finding and reporting a severe security issue that could lead to the takeover of third-party user accounts.

As reported by Hacker News, researcher Bhavuk Jain discovered the vulnerability in the “Sign in with Apple” feature, a developer feature that allows users to sign in to services using Apple IDs.

Sign in with Apple was introduced to improve privacy and create sign-in procedures for third-party websites and apps using Apple’s ID and two-factor authentication processes, while also keeping tracking at bay.

Read more…
Source: ZDNet