Apple will make the Indian man and $1,00,000 for the finding of a security breach

0
25

A new zero-day vulnerability was recently highlighted in Apple’s ” s “sign in with Apple’s authentication page. The man from Telangana, India, is now claiming to have been paid $100,000 (approximately Rs 75 lakh) by the US-based tech giant, under the Security Bounty program. Also Read – Get customized, Apple Macbook, iMac-in-India-now –

The vulnerability affects third-party apps that use Apple’s authentication, but do not have security measures of their own. Once exploited, the vulnerability that would attackers to have full control over the user accounts on those third-party applications. Also Read: Google’s CEO Sundar Pichai is open to working with Apple on other projects as well

Take A Look At: Weekly News Roundup – 29 May

Bhavuk Jain, the developer will also be added, as per a report by the LiveMint Apple has conducted an investigation of the logs of the discovery of the vulnerability, and found that it had not been in vain, and that there are no other accounts were compromised because of this. Jain further explains in his blog that the “sign in with Apple” feature that works similar to Oauth 2.0, but due to the authentication of a user by way of a JWT, or a code that has been generated by the company’s own servers. Also Read on – Apple will begin mass production of the new AirPods Studio, or it could be announced at WWDC

Yes, discovered that the attackers were able to actually make JWT the link to an EMAIL ID and a user’s app account. The attackers could have asked for JWTs is for the E-ID products. Further, when the signing of the tokens have been verified with the help of the company’s public key, they were considered to be valid.

Sign in with the Apple

Ever since Apple required app that does not support third-party applications, and many developers have taken advantage of the “report to Apple” service for their mobile apps. The feature will allow users to be able to log in to apps and websites using their Apple Id instead of using their social media Id’s.

The service was immediately popular. In contrast to a variety of third-party sign-ins to Apple’s authentication, authorized users have the ability to share their e-Mail Ids, instead of generating a random Email ID for them. This helped to reinforce the privacy of the user to ensure that a real e-Mail Id’s don’t fall into the wrong hands. It was a small group of users are surfing through the the web and feel less exposed.





LEAVE A REPLY

Please enter your comment!
Please enter your name here