Advertisement
Singapore markets close in 55 minutes

  • Straits Times Index

    3,278.08
    -9.67 (-0.29%)
     

  • Nikkei

    37,934.76
    +306.28 (+0.81%)
     

  • Hang Seng

    17,671.32
    +386.78 (+2.24%)
     

  • FTSE 100

    8,124.50
    +45.64 (+0.56%)
     

  • Bitcoin USD

    64,293.75
    +219.60 (+0.34%)
     

  • CMC Crypto 200

    1,388.56
    -7.97 (-0.57%)
     

  • S&P 500

    5,048.42
    -23.21 (-0.46%)
     

  • Dow

    38,085.80
    -375.12 (-0.98%)
     

  • Nasdaq

    15,611.76
    -100.99 (-0.64%)
     

  • Gold

    2,357.80
    +15.30 (+0.65%)
     

  • Crude Oil

    84.10
    +0.53 (+0.63%)
     

  • 10-Yr Bond

    4.7060
    +0.0540 (+1.16%)
     

  • FTSE Bursa Malaysia

    1,575.23
    +5.98 (+0.38%)
     

  • Jakarta Composite Index

    7,080.69
    -74.61 (-1.04%)
     

  • PSE Index

    6,628.75
    +53.87 (+0.82%)
     

Apple Pays Hacker From India $100,000 For Discovering Serious 'Sign In With Apple' Vulnerability

Shivdeep Dhaliwal
·2-min read

Apple Inc (NASDAQ: AAPL) has awarded $100,000 to an Indian hacker who found a serious vulnerability in the “Sign In With Apple” service.

What Happened

“Sign In With Apple” was introduced in June last year as part of iOS13. The Cupertino-based tech giant touted it as a “privacy-protecting” feature, allowing for a “fast, easy and private” sign-in to apps and websites. The service was to be an alternative to signing up for online services instead of using a social account or filling out forms.

In April, a security researcher based in Delhi found a critical flaw in the service that would allow to take over an account with just an email ID. Apple paid the researcher a reward of $100,000, as a part of its bug bounty program, for discovering the exploit, Forbes reported.

ADVERTISEMENT

Why It Matters

According to Bhavuk Jain, the researcher who found the critical vulnerability, it could have allowed for a “full account takeover.”

He wrote in his blog, “A lot of developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins.”

Jain says the sign-in service was supported by Dropbox Inc. (NASDAQ: DBX), Spotify Technology SA (NYSE: SPOT), Airbnb, and Giphy, owned by Facebook Inc (NASDAQ: FB).

These applications were not tested but remained vulnerable to a “full account take over if there weren’t any other security measures in place while verifying a user.”

The researcher concluded, “Apple also did an investigation of their logs and determined there was no misuse or account compromise due to this vulnerability.”

Apple Price Action

Apple shares traded 0.33% higher at $319 in the after-hours session on Friday. The shares closed the regular session mostly unchanged at $317.94.

See more from Benzinga

© 2020 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.