Sign in with Apple potentially let hackers gain access to user data; Apple fixed it.

sign in iwht apple bug rect 1

The ease and convenience of Sign in with Apple may have all came crashing down with a recently discovered bug. Researcher Bhabuk Jain in an interview in April revealed a bug that could have potentially exposed the data of users. As MacRumors excellently explains:

Jain then discovered that once JWTs for both Apple ID emails and private relay email addresses were requested and the token’s signature was verified using Apple’s public key, it “showed as valid.” Should the bug have not been discovered, a JWT could be created and used to gain access to one’s account.

Jani reported the bug to Apple where he was awarded $100,000, Apple also said no accounts were comprised and that it was patched.

Default image
Sami
Sami started falling in love with Apple in 2010 with the iPhone 4S. As a registered developer, he deeply admires the world of Apple. Sami is an aspiring journalist, writer, and actor. He also has devoted his life to sharing his passion and knowledge with others around the world.