A 27-year old Bhavuk Jain, who is a security researcher from India, has won $100,00 for his discovery of a bug in Apple systems. He achieved this feat by discovering a bug in ‘Sign-in with Apple’ app authentication feature.
It is a Zero-day vulnerability and discovering which would open vulnerabilities for the users. It would have opened the doors for hackers and login into third-party apps like Spotify, Dropbox, Giphy, Airbnb, and more. The Zero-day bug in ‘Sign-in with Apple’ affects the third-party apps which are missing with their additional security measure.
This bug would have resulted in a complete account compromise of the user, even if the user does not have Apple ID. The Apple Security Bounty Program has awarded Jain with $100,000 in finding the bug. Being a full-stack developer, he looks mostly into mobile app development with React Native. Jain is a full-time bug bounty hunter who works in search of potential bugs and tries to make the Internet safer.
As soon as the bug was identified, Apple has released a patch for the same. Bhavuk Jain has revealed that the functioning of ‘Sign-in with Apple’ is close to that of ‘OAuth 2.0. Authentication needs two ways of approach, and one is by using JWT, which is JSON Web Token. The other way is by code generated through Apple Server.
While generating code through the Apple server, the user can choose whether to share the Apple Email ID with the third-party app. If the user denies sharing Apple Email ID, then a user-specific Apple relay Email ID is created. Based on the user’s choice and authorization get succeeded in the previous step, a JWT is designed by Apple using this Email ID. The third-party app uses the JWT to login. Jain, has discovered that JWT can be linked to any Email ID and hack into user’s accounts.