Apple pays US$100,000 bounty to developer for finding critical login vulnerability
This particular security weakness came about due to the way Apple's servers verified a user account during the "Sign in with Apple" login process. When logging in, a JSON Web Token is used to authenticate the account, and this token can contain the user's Apple ID email address depending on which options are selected.
Jain found that he could request a JSON Web Token for any legitimate Apple account and the signature would be verified as valid each time. A hacker only needed to know the email address associated with an Apple ID to get a validated token and obtain access to the account. Accounts using two-factor authentication (2FA) likely to be protected from this attack vector.
During the patching process, Apple reviewed server logs and found no evidence that anyone had exploited this flaw.
Bounty programmes are a popular way for tech companies to encourage white hat hackers (hackers who hack with permission) to try and find vulnerabilities in their software. These flaws get reported and patched before the bug is made public. Although many high-profile companies have bounty programmes, more substantial bounties aren't paid out very often since they are reserved for significant and critical vulnerabilities.