Apple spends 27-year-old Indian Rs 75 lakh bug hunter to find flaws in their subscription.
The Apple Safety Reward scheme has won an Indian developer over Rs 75,000 crore to find a flaw in the Apple ID sign-up phase.
The error connected to an iPhone or Mac user's method to link to a third party website with the Apple ID. Bhavuk Jain, a 27-year-old Indian bounty bug creator, has found a vulnerability that would enable any hackers to access Apple user accounts which log in to external apps such as Dropbox, Spotify, Airbnb, and Giphy (now acquired from Facebook) and more.
In "Sign In With Apple" Jain found a vulnerability that impacted applications from third parties that were using it.
This vulnerability may have contributed to the total approval of third-party device user accounts, regardless of a victim who has a legitimate Apple ID, "Jain noted on his site.
In the Apple Security Bounty Programme, Jain, with a Bachelor's Degree in Electronics and Communication, paid about $100,000 or little for Rs 75 lakh.
He is now a full-time bounty hunter "trying to make the internet a more safe environment for everyone," the organization IANS reported. Jain has a keen involvement in mobile device creation using Respond Native.
For more privacy-focused communications with third party devices, Sign In With Apple was introduced in 2019.
"In April, I noticed a zero-day sign-on with Apple which impacted third-party apps that used the bug and did not take any additional protection steps on its own. This bug may have contributed to user accounts being entirely taken into account on the third-party application, irrespective of whether the target had or did not obtain a legitimate Apple identity," said Mr Jain.
In his blog post Jain wrote that Sign in with Apple functions close to OAuth 2.0, including technical information.
The bug, Jain said, was critical because it allowed full consideration if security measures were not in place to verify a user.