Bhavuk Jain, a 27-year-old Indian security researcher reportedly from Delhi, received $1,00,000 (Rs 75.5 lakh) from Apple for finding a critical flaw in “Sign in with Apple” account authentication in April that could have allowed hackers to fully take over any account linked to it. Jain was rewarded for discovering the now-patched zero-day vulnerability in the “Sign in with Apple” account authentication. Apple had earlier announced that it would enable its users to sign in securely, conveniently and efficiently to third-party apps and websites with just an Apple ID. The bug could have allowed a hacker to break into the accounts of Apple users who log into third-party apps like Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook) and more. However, the company also investigated and reported that no other account was accessed or affected by the glitch.
Bhavuk Jain, who graduated with a degree in electronics and communications, said, “This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not. For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty programme.”