An independent security researcher disclosed a zero-day vulnerability contained in the “Sign in with Apple” feature. The vulnerability has been patched, and Apple says it found no account misuse tied to it. As a reward for the disclosure, Apple paid Bhavuk Jain a $100,000 bug bounty fee. JWTs used to authenticate a user when attempting to sign in to a third-party app – a JWT or a code generated by Apple to create a JWT.”]
Source: https://www.cuinfosecurity.com/researcher-discloses-sign-in-apple-zero-day-flaw-a-14365