‘Sign in with Apple’ may be more private than other login options, but it apparently shipped with a genuine security defect. Researcher Bhavuk Jain recently received a $100,000 bug bounty for finding (via Hacker News) a flaw in the sign-in service as used through third-party apps. If an app had no security measures of its own, an attacker could forge a token tied to any email ID and have it verify as “valid” against Apple’s public key. That could allow a “full account takeover” even if you chose to hide your email from other services, Jain said.
On Hacker News, Jain said: “I found I could request JWTs for any Email ID from Apple, and when the signature of these tokens was verified using Apple’s public key, they showed as valid. This means an attacker could forge a JWT by linking any Email ID and gaining access to the victim’s account.” Furthermore: “The impact of this vulnerability was quite critical as it could have allowed a full account takeover. Many developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins. To name a few that use Sign in with Apple – Dropbox, Spotify, Airbnb, Giphy (now acquired by Facebook),” Bhavuk added.
Jain found the flaw in April, and it has since been fixed. Apple said there was no evidence of accounts being compromised because of the flaw, so there shouldn’t have been any harm done. Still, the bug is probably not what Apple wanted to deal with in the wake of a string of security issues, including a previous Mail vulnerability. It is fixing issues quickly; the question is whether it can stop them from appearing in the first place.