The impact of this vulnerability was quite critical as it could have allowed full account takeover.
According to Jain, Sign in with Apple works similarly to OAuth 2.0.
The code is then used to generate a JWT.
The diagram below shows how JWT creation and validation work, Jain explained.
If the user decides to hide the Email ID, Apple generates its own user-specific Apple relay Email ID.
Jain, who found the flaw in April, privately reported the bug to Apple under the company's Security Bounty program.
He received a hefty $100,000 payout from Apple for discovering and reporting the vulnerability.
source: www.techworm.net