Apple is paying a bounty of around $100,000 to an Indian bug hunter for fixing their sign-in problems. The 27-year-old Indian developer, Bhavuk Jain, fixed the problem of "Sign in with Apple" for several third-party applications. However, he did not do it for the money. The freelance bounty hunter takes up such challenges for the excitement. But under the company's Security Bounty Programme, he received a huge sum of $100,000.
The bug was in the process by which users of Mac and iPhone could log into third-party websites using their Apple ID. The bug hunter spotted how a hacker could break into an account just by knowing your e-mail ID. The hacker needs nothing else. No password, no OTP. Just the e-mail ID is enough.
Ouch, "Sign in with Apple" was totally busted 😱 😥
— patrick wardle (@patrickwardle) May 30, 2020
Sign-in with Apple: Security Flaw
Many users log into Dropbox, Spotify, Giphy, Airbnb, and other such websites using their Apple ID. Bhavuk Jain discovered that this method can result in a full account takeover for many users. It does not even matter if the victim has a valid ID or not. The bug hunter is a full-time full-stack developer mostly involved with React Native mobile apps. His help here comes from wanting to make the Internet a safe place for everyone.
Almost all big tech companies run bug-bounty programs where they award money to people who find security bugs or flaws in their services and applications.
This is not the first time an Indian developer has received a big bounty for finding a bug, although Jain's bounty from Apple is definitely one of the biggest an Indian developer has received so far. In the past, Facebook, Twitter, and Google have paid large sums to Indian developers for finding bugs.