
Security: ‘Sign in with Apple’ flaw let attackers take over accounts


‘Sign in with Apple’ is potentially more private than other login options, but it apparently included a serious security flaw. Researcher Bhavuk Jain recently received a $100,000 bug bounty (via Hacker News) for discovering a flaw in the sign-in service as offered through third-party apps. If an app didn’t have its own security measures, an attacker could forge a token linked to any email ID and verify it as ‘valid’ using Apple’s public key. That could allow a “full account takeover” even if you chose to hide your email from other services, Jain said.

Jain found the flaw in April, and it’s already fixed. Apple said there was no evidence of accounts being compromised as a result of the flaw.
