Fast forward to April 2020, and a security researcher from Delhi uncovered a critical Sign in with Apple vulnerability that could allow an attacker to potentially take over an account with just an email ID.

With the vulnerability already now patched by Apple on the server-side, Bhavuk Jain published his disclosure of the security shocker on May 30.

Although the vulnerability related only to third-party apps which used Sign in with Apple without taking any further security measures, it's shocking for two reasons.

Secondly, and potentially even more of a shocker, because Apple didn't catch this critical security flaw itself during development.

I spoke to Sean Wright, SME application security lead at ImmersiveLabs, regarding the vulnerability which he describes as being "a significant flaw." Wright also says that he "would have expected better testing around this from a company such as Apple, especially when it is trying to set itself a reputation as privacy-focused.".