Vulnerability allowed attackers to sign in to sites using any Apple ID. Last year, Apple announced ‘Sign in with Apple’ feature to let users log in to services with their Apple ID, as opposed to an email address and password. Apple has patched the flaw, and an internal audit of logs has revealed no signs of compromised accounts. For the discovery and disclosure of the vulnerability, Apple has awarded Bhavuk Jain $100,000 as a part of its bug bounty program for finding the flaw.
Source: https://www.bleepingcomputer.com/news/apple/sign-in-with-apple-vulnerability-earns-researcher-100-000/