Infinite Diaries

Sign in with Apple

Zero-Day in Sign in With Apple →

May 31, 2020 · 14:36

Bhavuk Jain:

In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third-party application irrespective of a victim having a valid Apple ID or not.

For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program.


© Wojtek Pietrusiewicz