A developer receives $100,000 for a Sign in with Apple bug
In April, researcher Bhavuk Jain discovered a critical vulnerability in Sign in with Apple that could have resulted in the takeover of some user accounts. The bug affected third-party apps that used the feature without implementing additional safety measures of their own.
Jain notes that Sign in with Apple works by authenticating a user via a JWT (JSON Web Token) or a code generated by Apple's server. The Cupertino giant lets users choose between sharing the e-mail address tied to their Apple ID or a private forwarding address; in either case a JWT is then created and used to log in.
Jain then found that, because of the bug, it was possible to request a JWT for any e-mail ID, and the resulting token passed validation against Apple's public key. In this way an attacker could create a JWT through this process and gain access to the victim's account.
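As an added example (not code from the article, from Jain or from Apple), these are the claim checks a third-party app should apply to an Apple identity token after its RS256 signature has been verified against the public keys Apple publishes; the `verify_signature` callback, the client ID `com.example.app`, the nonce and the sample token are all constructed for the demonstration.

```python
import base64
import json
import time

APPLE_ISSUER = "https://appleid.apple.com"  # iss value Apple's identity tokens carry


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(part: str) -> bytes:
    # JWT segments drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def encode_token(header: dict, claims: dict, signature: bytes) -> str:
    # Assembles a compact JWT; used here only to construct sample input.
    body = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    return f"{body}.{_b64url(signature)}"


def validate_apple_id_token(token, client_id, expected_nonce, verify_signature, now=None):
    # verify_signature(signing_input, signature, header) -> bool is supplied by
    # the caller (assumed name) and must check the RS256 signature with the Apple
    # public key matching header["kid"]; this function covers the claim checks.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")  # never let the token pick the algorithm
    signing_input = f"{header_b64}.{payload_b64}".encode()
    if not verify_signature(signing_input, _b64url_decode(sig_b64), header):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != APPLE_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != client_id:
        raise ValueError("wrong audience")  # token was minted for another app
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")  # ties the token to this login attempt
    if not claims.get("sub"):
        raise ValueError("missing sub")  # Apple's stable user identifier
    return claims
```

Account lookup should key on the `sub` claim, which Apple documents as the user's stable identifier, rather than on the e-mail claim alone.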
The impact of this vulnerability is quite critical, as it could allow a full account takeover. Many developers have integrated Sign in with Apple into their apps because it is mandatory for applications that support other social logins. To name a few that use Sign in with Apple: Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook).
According to Jain, Apple conducted an investigation and concluded that no accounts had been compromised using this method before the vulnerability was fixed. Jain received $100,000 from Apple under its Security Bounty program for reporting the bug.