Recently, Bhavuk Jain, a security-focused developer, found a zero-day vulnerability in ‘Sign in with Apple’ account authentication and promptly reported it to Apple. Luckily, the vulnerability had not caused harm to any user, and Apple quickly fixed it.
A zero-day vulnerability is a glitch or flaw in computer software or services that is not known to, or has not been addressed by, the developers of that software. If it is not fixed in time, cybercriminals can use it to take control of a user’s account on a third-party application and abuse it. These hackers can obtain personal data and information and exploit it in any way they want.
Cybercriminals are always looking out for such vulnerabilities to get their claws into a computer system or network and have their way with it.
When Bhavuk Jain found this vulnerability in Sign in with Apple, he reported it immediately, because the glitch could have allowed an attacker to gain access to and take complete control of a user’s account on a third-party application. The attacker could even have taken over that application’s user account whether or not the user had a valid Apple ID.
‘Sign in with Apple’ was launched last year as a more private alternative method of logging in to apps and websites.
Facebook and Google power the other well-known log-in systems. When a person creates an account on Facebook or Google, these services require quite a lot of information for authentication and account creation.
Apple launched this new log-in system to minimize the amount of user data and information needed for authentication and account creation. It was also designed to be a lot more private than the Facebook and Google log-in systems, because it minimizes the amount of tracking performed on users.
Now, as Apple includes Sign in with Apple in all apps along with these other log-in systems, an attack exploiting the vulnerability would have had a very broad base of apps to target. The impact would have been huge, but luckily, no harm was done, thanks to Jain’s quick report.
Sign in with Apple relies on one of two things: a JSON Web Token (JWT) or a special code that is generated by Apple’s servers. If the JWT is not there, this special code is used to generate the JWT.
To authorize an account, Apple gives users a choice of whether to share their Apple Email ID with the third-party app or hide it. If a user chooses to hide it, Apple provides a user-specific relay email ID to complete the authorization process.
Once authorization is done, Apple provides a JSON Web Token (JWT) containing the email ID, which the user can use to log in on a third-party application.
Jain found out a month ago that this JWT could be requested for any email ID, and when the token’s signature was verified using Apple’s public key, it would have appeared completely valid. This meant that any cybercriminal could create a JWT through this process and easily gain access to a user’s account!
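The flaw described above can be modelled in a few lines. This is an added example, not Apple's code and not from the original article: the session store, function names and addresses are hypothetical, an HMAC signature (HS256) stands in for the public-key signature the article mentions, and the ownership check shown is one possible control, not Apple's actual fix.

```python
import base64, hashlib, hmac, json

# Constructed key. HS256 stands in for the issuer's real public-key signature.
KEY = b"constructed-demo-key"
# Hypothetical session store: email IDs each signed-in user may release.
SESSIONS = {"sess-alice": {"alice@example.com", "relay-a1@relay.example"}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(mac)}"

def verify_token(token: str) -> dict:
    """Relying-party check: a valid signature only proves who issued the token."""
    header, body, sig = token.split(".")
    mac = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _unb64(sig)):
        raise ValueError("bad signature")
    return json.loads(_unb64(body))

def issue_flawed(session_id: str, requested_email: str) -> str:
    """Models the flaw: signs whatever email ID the request names."""
    if session_id not in SESSIONS:
        raise PermissionError("not signed in")
    return sign_token({"email": requested_email})

def issue_checked(session_id: str, requested_email: str) -> str:
    """Signs only an email ID that belongs to the authenticated session."""
    if requested_email not in SESSIONS.get(session_id, set()):
        raise PermissionError("email ID not owned by this session")
    return sign_token({"email": requested_email})

if __name__ == "__main__":
    token = issue_flawed("sess-alice", "victim@example.com")
    print(verify_token(token))  # signature verifies, claim was never checked
    try:
        issue_checked("sess-alice", "victim@example.com")
    except PermissionError as err:
        print("refused:", err)
```

The relying party's signature check passes in both cases, which is why the missing check has to be enforced by the issuer before it signs.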
This would have turned into a very harmful situation if Jain had not disclosed it and Apple had not taken quick control of the situation.
For his diligence, Jain has received an award from Apple’s bug bounty program worth a good $100,000, and it is completely well-deserved.
Apple has now patched the vulnerability. It is not known, however, how they did it. But all is well that ends well.