A developer receives $100,000 for a Sign in with Apple bug

Details of a now-patched “Sign in with Apple” vulnerability that could have let an attacker take over a user’s account have been revealed.

In April, researcher Bhavuk Jain discovered a critical vulnerability in Sign in with Apple that could have led to the takeover of user accounts. The bug affected third-party apps that used the feature without implementing additional security measures of their own.

Jain notes that Sign in with Apple authenticates a user either with a JWT (JSON Web Token) or with an authorization code that the app exchanges for a token on Apple’s server. Apple lets the user choose whether to share the email address linked to their Apple ID or a private relay address that forwards to it; Apple then issues a JWT carrying that email, which the third-party app uses to sign the user in.

Jain then discovered that, because of the bug, he could request a JWT for any email address from Apple, and that the resulting token passed signature validation against Apple’s public key. An attacker could therefore obtain a JWT carrying a victim’s email address and use it to gain access to the victim’s account in any app that trusted the token as-is.
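The checks an app should apply to an identity token before trusting it, as an added example that is not code from the article, from Jain, or from Apple. Apple signs identity tokens with RS256 under keys published at https://appleid.apple.com/auth/keys; to keep this runnable offline the demo signs with HS256 under a constructed secret, but the claim validation (issuer, audience, expiry, and keying the local account on Apple’s stable `sub` identifier rather than on the email) is the same. The client ID, account store and token claims are constructed for the demo; the page itself says only that affected apps lacked additional security measures, and keying accounts on `sub` follows Apple’s general guidance rather than anything the article states about the specific bug.

```python
"""Server-side validation of a Sign in with Apple identity token.

Added example (not the article's or Apple's code), standard library only.
Apple really signs with RS256 under its published JWKS; the demo uses HS256
under a constructed secret so it runs offline. Claim checks are identical.
"""
import base64
import hashlib
import hmac
import json
import time

APPLE_ISSUER = "https://appleid.apple.com"


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def hs256_sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def make_token(claims: dict, secret: bytes) -> str:
    """Build an HS256 JWT: constructed stand-in for Apple's RS256 token."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hs256_sign(f"{header}.{payload}".encode(), secret)
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_identity_token(token: str, secret: bytes, client_id: str, now=None) -> dict:
    """Return the verified claims, or raise ValueError on any failed check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: rejects alg=none and algorithm-confusion tokens.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hs256_sign(f"{header_b64}.{payload_b64}".encode(), secret)
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != APPLE_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != client_id:  # token must be minted for this app
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims


def resolve_account(claims: dict, accounts_by_sub: dict):
    """Look the local account up by Apple's stable `sub`, never by email."""
    return accounts_by_sub.get(claims["sub"])


def demo() -> dict:
    """Constructed scenario: a forged token that carries the victim's email
    but a different `sub` must not resolve to the victim's account."""
    secret = b"constructed-demo-signing-secret"   # stands in for Apple's key
    client_id = "com.example.demoapp"             # assumed bundle/client ID
    accounts_by_sub = {"001234.victim": "victim-account"}
    base = {"iss": APPLE_ISSUER, "aud": client_id, "exp": 9999999999}
    victim = make_token({**base, "sub": "001234.victim",
                         "email": "victim@example.com"}, secret)
    forged = make_token({**base, "sub": "001234.attacker",
                         "email": "victim@example.com"}, secret)
    return {
        "victim": resolve_account(verify_identity_token(victim, secret, client_id), accounts_by_sub),
        "forged": resolve_account(verify_identity_token(forged, secret, client_id), accounts_by_sub),
    }


if __name__ == "__main__":
    print(demo())
```

Binding accounts to `sub` is what turns a token that merely says “this is victim@example.com” into a token that is only useful to whoever Apple actually issued it for; an app that links accounts by the `email` claim alone has no such check.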


The impact of this vulnerability was critical, as it could have allowed full account takeover. Many developers have integrated Sign in with Apple into their apps because Apple requires it of applications that offer other third-party social logins. Services using Sign in with Apple include Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook).

According to Jain, Apple investigated and concluded that no accounts had been compromised through this method before the vulnerability was fixed. Apple paid Jain $100,000 under its Apple Security Bounty program for reporting the bug.
