Bhavuk Jain, a techie hailing from Delhi, has bagged a $100,000 (Rs. 75.50 lakh) bug bounty from Apple.
Jain had flagged a critical security flaw in the Cupertino giant's 'Sign in with Apple' system, an issue that, he says, could have allowed hackers to take full control of accounts on third-party apps and services.
Months later in 2020, Jain found that if a third-party app did not have its own security measures, an attacker could forge the authentication token linked to any Apple ID email and verify it as 'valid' using the company's public key.
This, he discovered, opened access to the target's account on the app in question, even in cases where a dummy email was used.