Apple sign-in has a zero-day vulnerability, Indian programmer discovers

By Neha KumariJune 1, 2020

A ‘zero-day’ vulnerability was detected in Apple’s ‘sign-in with Apple’ account authentication in April by an Indian security programmer Bhavuk Jain who claims to have been paid $100,000 (approx Rs7.5 million) by Apple under their Apple Security Bounty program.

The vulnerability is believed to affect third-party apps which were using Apple’s authentication but didn’t deploy any additional security measures of their own. If exploited, it could have allowed attackers to take full control over user accounts on third party apps.

Mint could not secure a confirmation on this from Apple. According to Jain, after the matter was brought to their attention, Apple conducted an investigation of their logs and found the vulnerability had not been misused and no accounts had been compromised due to it.

Apple sign-in has a zero-day vulnerability, Indian programmer discovers

More in Live Mint

India Inc, not just IT, dangles big bucks for AI specialists. But is it all hype?

OTT platforms serve shows heavy on political messaging to exploit poll fervour

OpenAI co-founder Ilya Sutskever departs, Sam Altman says ‘very sad to me…’

Must Read Articles

Poor Show

Zomato & Swiggy

Regulating Big Tech

Interview with Preetham Uthaiah, EVP – Marketing & Strategy Saankhya Labs

DoT launches portal for centralised RoW approvals

NCAER Working Paper

Real-Time-Bidding of your Data

DoT to get 33 pc stake of Vi for Rs 16,133 cr interest dues

National Data Governance Framework

BSNL 4G

Archives

You may also like

More in Live Mint

Must Read Articles

Archives