Bug Bounty Hunter Discovers Severe Authentication Bypass in Apple's Servers and Earns $100,000
A bug bounty hunter has received a $100,000 reward from Apple for discovering a severe security issue. The bug bounty hunter is a researcher named Bhavuk Jain.
Jain found a severe security issue that would have led to users' accounts being taken over if the wrong person had discovered the bug first.
The Vulnerability of the Apple ID System
Hacker News reported that Jain discovered a vulnerability in the Sign in with Apple feature. It is a developer feature that lets users sign in with their Apple IDs to any service that supports it.
Apple introduced Sign in with Apple to improve privacy and to give non-Apple-affiliated websites and apps a sign-in procedure backed by Apple's ID processes and two-factor authentication.
That didn't stop Jain from finding a severe authentication bypass that sidestepped authentication entirely and allowed third-party users' accounts to be hijacked by someone who knew only the target's email ID.
Jain previously discovered bugs in Verizon Media, Udemy, Zomato, and Bumble. The flaw stemmed from how Apple processes client-side user validation requests.
In a post on his blog, Jain states that Apple authenticates users using either a code generated by its servers or a JSON Web Token (JWT).
As part of the authentication procedure, users can choose whether or not to share their email ID with the third party they are logging in to with their Apple ID. If the user hides their email ID, Apple generates a JWT that contains this information, which the third-party service uses for user authentication instead of the email ID directly.
The bug bounty hunter discovered that Apple's handling of JWT requests was not validated against the authentication users complete when they log in to their account before making the request.
Jain found that he could request JWTs from Apple for any email ID, and when the signatures of these tokens were verified with Apple's public key, they showed as valid. This means an attacker could forge a JWT tied to any email ID of their choosing and use it to gain access to the account belonging to that email ID.
The missed step in the validation process meant that any third-party service using Sign in with Apple was open to abuse. User accounts on any service linked to an Apple ID were susceptible to being hijacked.
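The missed check can be shown with a small model of a token issuer. This is an added example, not Apple's code and not code from Jain's post: the HMAC key stands in for Apple's signing key pair, and the session fields, claim names and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from typing import Optional

SIGNING_KEY = b"constructed-demo-key"  # stand-in for the issuer's real signing key
# Constructed sample: the session of a user who has already logged in.
SESSION = {"user_id": "u-1001", "emails": ["alice@example.com"]}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(signing_input: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest())

def _sign(payload: dict) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64(json.dumps(payload).encode())
    return signing_input + "." + _mac(signing_input)

def verify(token: str) -> Optional[dict]:
    """Relying-party check: a valid signature is all it can test."""
    try:
        head, body, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _mac(head + "." + body)):
        return None
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def issue_token_unchecked(session: dict, requested_email: str) -> str:
    # Flawed issuer: signs whatever email ID the request names.
    return _sign({"sub": session["user_id"], "email": requested_email})

def issue_token_checked(session: dict, requested_email: str) -> str:
    # Hardened issuer: the email ID must belong to the logged-in session.
    owned = {e.lower() for e in session["emails"]}
    if requested_email.lower() not in owned:
        raise PermissionError("requested email is not bound to this session")
    return _sign({"sub": session["user_id"], "email": requested_email})

def issuer_rejects(session: dict, requested_email: str) -> bool:
    try:
        issue_token_checked(session, requested_email)
        return False
    except PermissionError:
        return True
```

The token from the unchecked issuer passes `verify` for an email ID the session does not own, which is why the fix has to sit on the issuing side: the relying party has no way to tell the two tokens apart.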
The vulnerability was critical because it made a full account takeover possible and because numerous developers have integrated the Sign in with Apple feature. Integration is mandatory for applications that support other social network logins on Apple devices.
The Apple ID Vulnerability is No More
After Apple accepted Jain's report, they investigated their server logs, and it seems the security flaw was not exploited by anyone whatsoever. However, given how severe this authentication bypass was, it could have been a way for someone to compromise the data of iCloud accounts.
Jain reported the bug through the Apple Security Bounty program, which is how he earned the $100,000 reward. Apple has patched the vulnerability.