iLoungeiLounge
  • News
    • Apple
      • AirPods Pro
      • AirPlay
      • Apps
        • Apple Music
      • iCloud
      • iTunes
      • HealthKit
      • HomeKit
      • HomePod
      • iOS 13
      • Apple Pay
      • Apple TV
      • Siri
    • Rumors
    • Humor
    • Technology
      • CES
    • Daily Deals
    • Articles
    • Web Stories
  • iPhone
    • iPhone Accessories
  • iPad
  • iPod
    • iPod Accessories
  • Apple Watch
    • Apple Watch Accessories
  • Mac
    • MacBook Air
    • MacBook Pro
  • Reviews
    • App Reviews
  • How-to
    • Ask iLounge
Font ResizerAa
iLoungeiLounge
Font ResizerAa
Search
  • News
    • Apple
    • Rumors
    • Humor
    • Technology
    • Daily Deals
    • Articles
    • Web Stories
  • iPhone
    • iPhone Accessories
  • iPad
  • iPod
    • iPod Accessories
  • Apple Watch
    • Apple Watch Accessories
  • Mac
    • MacBook Air
    • MacBook Pro
  • Reviews
    • App Reviews
  • How-to
    • Ask iLounge
Follow US

News › Apple

Apple

Apple Patches ‘Sign in With Apple’ Bug

Last updated: May 31, 2020 10:52 pm UTC
By Samantha Wiley
Apple

Last month researcher Bhavuk Jain discovered a bug while sighing in third party apps using Sign-in with Apple. This bug if not discovered could have taken over several Apple user accounts. The vulnerability occurred with only those third-party apps that did not use any extra security measures. 

Advertisements

According to Jain, Sign in With Apple authenticates a user through a code that is generated by Apple’s server or through a JSON Web Token.  Once authenticated, Apple gives the option to the users to share their private email or the one that is tied with their Apple ID. This email ID creates the JWT that is then used to log in.

Apple

Later Jain discovered that once the tokens for both email addresses were requested and Apple’s pubic key verified the token’s signature it “showed as valid.” If the bug was not discovered it could create a JWT and gain access to the user’s account. 

In an interview, Jain said that the impact of the bug was severe as it could allow a total takeover of the user’s account.

Apple rewarded Jain $100,000 for reporting the bug. Apple also conducted the investigation and it was discovered that no accounts were compromised before solving this issue by patching the bug. 

Advertisements

Latest News
M4 MacBook Air
The 13-inch M4 MacBook Air 256GB is $150 Off
1 Min Read
Folding iPad and Touchscreen Mac
Folding iPad and Touchscreen Mac might debut before 2030
1 Min Read
Fortnite
‘Fortnite’ App submitted again for review to the App Store
1 Min Read
Apple
Apple reportedly skirting around tariff with Brazil facility
1 Min Read
AirPods 4
The AirPods 4 is $30 Off
1 Min Read
Apple Smart Glasses
Apple smart glasses might debut late 2026
1 Min Read
Total War: Rome II
New ‘Total War: Rome II’ arrives on macOS
1 Min Read
Netflix
Netflix to add AI to user search
1 Min Read
Apple Watch
The Apple Watch Series 10 GPS 42mm Model is $100 Off
1 Min Read
AirPods
AirPods with camera might have a 2027 debut
1 Min Read
Apple Arcade
New games arriving on Apple Arcade in June
1 Min Read
Skype
Skype ends service, shuts down
1 Min Read

iLounge logo

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond. iPod, iPhone, iPad, iTunes, Apple TV, and the Apple logo are trademarks of Apple Inc.

This website is not affiliated with Apple Inc.
iLounge © 2001 - 2025. All Rights Reserved.
  • Contact Us
  • Submit News
  • About Us
  • Forums
  • Privacy Policy
  • Terms Of Use
Welcome Back!

Sign in to your account

Lost your password?