Indian Developer Reports Security Flaw in Apple Sign in Got 75 Lakh Rupees

In 2019 Apple announced Sign in with Apple, which lets users log in to third-party apps and websites with their Apple ID, similar to the sign-in options offered by Google, Facebook and GitHub.



A full-stack developer from India found a security flaw in Sign in with Apple, a serious mistake that could let an attacker take over any account that signs in with it and gain full control of it.

Bhavuk Jain, 27, disclosed the flaw in a public blog post and said that he had reported the Apple ID sign-in bug to Apple before publishing it publicly. Apple's engineers then fixed the issue, and Apple paid him $100,000 (75 lakh INR) under its Apple Security Bounty program.

When Apple announced the feature for signing in to third-party apps and websites with an Apple ID, it also said the feature would be more private and more secure than other sign-in methods such as Facebook and Google. Signing in via social accounts means sharing user information, and Apple was working to do this in a more secure way, so that the information could not be misused and the Apple ID would not be disclosed.

According to Jain, as has been reported, the entire system was undermined by a zero-day vulnerability that allowed an attacker to easily spoof the Apple ID server: anyone with your email address, user ID and some technical information could gain access to all your online accounts and information. This was especially true for accounts linked to apps and websites that did not deploy any security measures of their own.


"Sign in with Apple works similarly to OAuth 2.0. I found that I could request JWTs (JSON Web Tokens) from Apple for any email ID, and when these tokens' signatures were verified using Apple's public key, they were valid," said Jain. This means that, to access a user's account, an attacker only had to build a JWT containing any email ID.
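The following toy model is an added example, not code from Jain's post or from Apple; it shows why a token can pass signature verification and still name the wrong user. It assumes the missing step was an issuer-side check tying the requested email to the authenticated session, and it swaps in HS256 with a constructed demo key for Apple's public-key signature; the session table, issuer URL and function names are all hypothetical.

```python
import base64, hashlib, hmac, json

ISSUER_KEY = b"constructed-demo-key"  # stand-in for the issuer's signing key (assumption)
# Constructed session table: session id -> email the issuer actually authenticated.
SESSIONS = {"sess-alice": "alice@example.com"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sig(header: str, body: str) -> str:
    mac = hmac.new(ISSUER_KEY, f"{header}.{body}".encode(), hashlib.sha256)
    return _b64(mac.digest())

def sign_jwt(claims: dict) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sig(header, body)}"

def verify_jwt(token: str) -> dict:
    """Relying-party check: signature only, then trust the email claim."""
    header, body, sig = token.split(".")
    if not hmac.compare_digest(sig, _sig(header, body)):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def issue_token_flawed(session_id: str, requested_email: str) -> str:
    """Signs whatever email the request names; the session is only checked for existence."""
    if session_id not in SESSIONS:
        raise PermissionError("not logged in")
    return sign_jwt({"iss": "https://issuer.example", "email": requested_email})

def issue_token_fixed(session_id: str, requested_email: str) -> str:
    """Signs only the email bound to the authenticated session."""
    authenticated = SESSIONS.get(session_id)
    if authenticated is None:
        raise PermissionError("not logged in")
    if requested_email != authenticated:
        raise PermissionError("requested email does not belong to this session")
    return sign_jwt({"iss": "https://issuer.example", "email": authenticated})

if __name__ == "__main__":
    token = issue_token_flawed("sess-alice", "victim@example.com")
    print("flawed issuer, signature valid, email claim:", verify_jwt(token)["email"])
    try:
        issue_token_fixed("sess-alice", "victim@example.com")
    except PermissionError as err:
        print("fixed issuer refuses:", err)
```

The relying party's signature check succeeds in both cases, so in this model the defect can only be closed at the issuer.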

Jain said Apple has made Sign in with Apple "mandatory" for all applications that support other social logins. Dropbox and Spotify are two examples. The impact of this vulnerability was quite significant because it could have allowed full takeover of any account.

But more importantly, Apple apparently “did an investigation of their logs and said there was no misuse or account compromise due to this vulnerability.” Apple is yet to publicly accept the flaw.
