Apple has awarded a bug bounty hunter $100,000 for finding and reporting a severe security issue that could lead to the takeover of third-party user accounts.
As reported by Hacker News, researcher Bhavuk Jain discovered the vulnerability in the “Sign in with Apple” feature, a developer feature that allows users to sign in to services using Apple IDs.
Sign in with Apple was introduced to improve privacy and create sign-in procedures for third-party websites and apps using Apple’s ID and two-factor authentication processes, while also keeping tracking at bay.
Read more…
Source: ZDNet