365NEWSX
Apple Pays Developer $100,000 for Finding Serious Bug in ‘Sign In With Apple’ System - Gizmodo

May 31, 2020

According to Jain, the bug was related to the way that Apple was validating users who used Sign in with Apple.

One of the biggest selling points of Sign in with Apple is the ability to hide your email address from the third-party app or service.

Per The Hacker News, Jain found that although Apple asked users to log in to their Apple account before initiating the authorization request, it was not validating whether the same person was requesting a JWT in the next step from its authentication server.
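The missing check described above, shown beside its corrected form in a toy token issuer. This is an added example, not Apple's code or code from the original report; the session table, the `requested_email` parameter, the function names and the HS256 signing are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed demo data: signing key and logged-in sessions (session id -> account).
SIGNING_KEY = b"demo-key-not-a-real-secret"
SESSIONS = {"sess-alice": "alice@example.com", "sess-mallory": "mallory@example.com"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(signing_input: str) -> str:
    return _b64url(hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest())

def _sign_jwt(claims: dict) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{_mac(header + '.' + payload)}"

def jwt_subject(token: str) -> str:
    """What a relying party does: verify the signature, then trust 'sub'."""
    header, payload, sig = token.split(".")
    if not hmac.compare_digest(_mac(header + "." + payload), sig):
        raise ValueError("bad signature")
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["sub"]

def issue_token_unbound(session_id: str, requested_email: str) -> str:
    """Flawed: checks that *someone* is logged in, not who is asking."""
    if session_id not in SESSIONS:
        raise PermissionError("not logged in")
    # The subject comes straight from the request, so the signature
    # vouches for an identity the issuer never verified.
    return _sign_jwt({"sub": requested_email})

def issue_token_bound(session_id: str, requested_email: str) -> str:
    """Fixed: the token's subject must be the account that owns the session."""
    account = SESSIONS.get(session_id)
    if account is None:
        raise PermissionError("not logged in")
    if account != requested_email:
        raise PermissionError("requested identity does not match logged-in account")
    # Take the subject from server-side session state, not from the request.
    return _sign_jwt({"sub": account})
```

The relying party's signature check passes in both cases, which is why this class of flaw has to be fixed at the issuer: a valid signature only proves who signed the token, not that the subject was authenticated.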

The Hacker News reports that malicious actors could exploit this vulnerability even if users chose to hide their Apple email ID from third-party services, and that it could also be used to sign up a new account with the victim’s Apple ID.

Nonetheless, Jain said that Apple had carried out an investigation and determined that there had been no misuse or account compromise due to the vulnerability.

Summarized by 365NEWSX ROBOTS
