Apple pays 27-year-old Indian bug hunter over Rs 75 lakh for spotting flaw in its sign-in process

by Rahul Chauhan

An Indian developer has received more than Rs 75 lakh through the Apple Security Bounty program for finding a bug in the login process that uses Apple ID.

The bug was related to the system through which an iPhone or Mac user could use their Apple ID to log into a third-party website. Indian bug bounty hunter and developer Bhavuk Jain, 27, identified a vulnerability that could allow any hacker to break into the accounts of Apple users who logged into third-party apps such as Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook) and more.

Jain discovered a bug in “Sign in with Apple” that affected third-party applications using it.

“This bug could have resulted in a complete takeover of user accounts on that third-party application, irrespective of whether a victim had a valid Apple ID or not,” Jain pointed out on his website.

Jain, who earned a bachelor’s degree in electronics and communications, received about $100,000, or just over Rs 75 lakh, under the Apple Security Bounty program.

Jain is a full-stack developer who is primarily interested in developing mobile apps with React Native. He is currently a full-time bounty hunter “striving to make the web safer for everyone,” the IANS news agency noted.

Sign in with Apple launched in 2019 to offer more privacy-focused logins for third-party apps.

“In April, I found a zero-day in Sign in with Apple that affected third-party applications that were using it and not applying their own additional security measures. This bug could have resulted in a complete account takeover of user accounts on that third-party application, regardless of whether a victim has a valid Apple ID or not,” Jain wrote on his website.

Jain gave the technical details and wrote in his blog post that Sign in with Apple is similar to OAuth 2.0.
The bug, Jain said, was quite critical as it allowed for a complete account takeover if no security measures were taken while authenticating a user. Sign in with Apple is mandatory for apps that support other social logins, such as those from Google or Facebook.

Jain’s blog noted that Apple confirmed there was no abuse or account compromise because of the vulnerability.

Almost all major tech companies run bug bounty programs in which they award money to people who find security flaws or bugs in their services and applications.

This is not the first time that an Indian developer has received a large reward for finding a bug, although Jain’s reward from Apple is certainly one of the largest an Indian developer has received to date. In the past, Google and Facebook have paid lakhs of rupees to Indian developers for finding bugs.
