Apple Inc (NASDAQ: AAPL) has awarded $100,000 to an Indian hacker who found a serious vulnerability in the “Sign In With Apple” service.
“Sign In With Apple” was introduced in June last year as part of iOS13. The Cupertino-based tech giant touted it as a “privacy-protecting” feature, allowing for a “fast, easy and private” sign-in to apps and websites. The service was to be an alternative to signing up for online services instead of using a social account or filling out forms.
In April, a security researcher based in Delhi found a critical flaw in the service that would allow to take over an account with just an email ID. Apple paid the researcher a reward of $100,000, as a part of its bug bounty program, for discovering the exploit, Forbes reported.
Why It Matters
According to Bhavuk Jain, the researcher who found the critical vulnerability, it could have allowed for a “full account takeover.”
He wrote in his blog, “A lot of developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins.”
These applications were not tested but remained vulnerable to a “full account take over if there weren’t any other security measures in place while verifying a user.”
The researcher concluded, “Apple also did an investigation of their logs and determined there was no misuse or account compromise due to this vulnerability.”
Apple Price Action
Apple shares traded 0.33% higher at $319 in the after-hours session on Friday. The shares closed the regular session mostly unchanged at $317.94.
See more from Benzinga
- Apple CEO Writes To Employees About George Floyd Death, Urges For 'Better, More Just World For Everyone'
- Martin Scorsese's Next Movie Will Be Financed By Apple: Report
- Apple's Face ID Will Allow Mask Wearing Users To Unlock Their Phones Quickly
© 2020 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.