Apple Inc AAPL has awarded $100,000 to an Indian hacker who found a serious vulnerability in the “Sign In With Apple” service.
What Happened
“Sign In With Apple” was introduced in June last year as part of iOS13. The Cupertino-based tech giant touted it as a “privacy-protecting” feature, allowing for a “fast, easy and private” sign-in to apps and websites. The service was to be an alternative to signing up for online services instead of using a social account or filling out forms.
In April, a security researcher based in Delhi found a critical flaw in the service that would allow to take over an account with just an email ID. Apple paid the researcher a reward of $100,000, as a part of its bug bounty program, for discovering the exploit, Forbes reported.
Why It Matters
According to Bhavuk Jain, the researcher who found the critical vulnerability, it could have allowed for a “full account takeover.”
He wrote in his blog, “A lot of developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins.”
Jain says the sign-in service was supported by Dropbox Inc. DBX, Spotify Technology SA SPOT, Airbnb, and Giphy, owned by Facebook Inc FB.
These applications were not tested but remained vulnerable to a “full account take over if there weren’t any other security measures in place while verifying a user.”
The researcher concluded, “Apple also did an investigation of their logs and determined there was no misuse or account compromise due to this vulnerability.”
Apple Price Action
Apple shares traded 0.33% higher at $319 in the after-hours session on Friday. The shares closed the regular session mostly unchanged at $317.94.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
