HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => iPhone/iPod/iPad News => Topic started by: HCK on June 03, 2020, 04:05:24 pm



Title: Hacker paid $100,000 over 'Sign in with Apple' vulnerability
Post by: HCK on June 03, 2020, 04:05:24 pm

Thankfully, despite being a serious flaw, no accounts were compromised due to the vulnerability.

What you need to know


A hacker has been paid $100,000 by Apple after discovering a vulnerability in Apple's 'Sign in with Apple' feature.
The bug has now been fixed.
It could have resulted in the full takeover of user accounts.


A hacker has been paid $100,000 by Apple after discovering a zero-day vulnerability affecting the Sign in with Apple feature on iOS.

Bhavuk Jain revealed his findings in a recent blog post:


  What if I say, your Email ID is all I need to take over your account on your favorite website or an app. Sounds scary, right? This is what a bug in Sign in with Apple allowed me to do.
 
  In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn't implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third party appli...

Source: Hacker paid $100,000 over 'Sign in with Apple' vulnerability (http://feedproxy.google.com/~r/TheIphoneBlog/~3/kr4zC-poxzI/hacker-paid-100000-over-sign-apple-vulnerability)