Fixed Apple sign-in bug could have enabled hijacking of 3rd-party accounts

A security researcher in Delhi, India, reported that Apple paid him $100,000 through its bug bounty program for finding a vulnerability in its Sign in with Apple feature that could have resulted in the takeover of users’ third-party website and app accounts.

In a May 30 blog post, researcher Bhavuk Jain explains how he detected the bug that could have fully compromised

...continue reading...

Source: SC Magazine / Article: "Fixed Apple sign-in bug could have enabled hijacking of 3rd-party accounts"