New Delhi: Bhavuk Jain, a 27-year-old Indian security researcher, has grabbed $100,000 (over ₹75.5 lakh) from Apple for discovering a now-patched zero-day vulnerability in the Sign in with Apple account authentication.
The zero-day vulnerability could have allowed a hacker to break into the account of an Apple user who logs into third-party apps like Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook) and more.
Jain, who holds a bachelor's degree in electronics and communication, discovered the zero-day bug in 'Sign in with Apple'. It affected third-party applications that used the feature and didn't implement their own additional security measures.
"This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not," Jain said in a statement on Saturday.
"For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty programme," he announced.
Jain is a full-stack developer interested mostly in mobile app development using React Native. He is currently a full-time bug bounty hunter "trying to make the internet a safer place for everyone".
Launched in 2019, 'Sign in with Apple' is intended to be a more privacy-focused alternative to third-party logins.
Jain disclosed the flaw to Apple, which led to an award from Apple's bug bounty programme. Apple has since patched the bug.