A critical vulnerability in Sign in with Apple was discovered by a security researcher who received a $100,000 bug bounty.
A critical vulnerability in Apple’s ‘Sign in with Apple’ system could have allowed remote attackers to take over targeted user accounts on third-party services and apps.
The company’s Sign in with Apple feature, which launched at WWDC 2019, gives users the ability to login to third-party apps and websites using their Apple ID. The feature also helps protect users’ privacy as they can use its ‘hide my email’ function to withhold their email addresses from apps and sites.
Independent security researcher Bhavuk Jain first discovered the bug in Sign in with Apple last month and the company paid him a $100,000 bug bounty after he responsibly disclosed it.
