A critical vulnerability was recently found
in Apple’s “Sign in with Apple” feature. If exploited a flaw will provide
attackers ability to take over user’s third-party application accounts.
Bhavuk Jain, a security researcher reported
the findings, was awarded $100,000.
“Sign in with Apple” feature presented last
year was created to make it easy and more secure for Apple users to sign into
third-party applications and websites.
On Sunday Bhavuk Jain announced a bug: “In
the month of April, I found a zero-day in Sign in with Apple that affected
third-party applications which were using it and didn’t implement their own
additional security measures….This bug could have resulted in a full account
takeover of user accounts on that third party application irrespective of a
victim having a valid Apple ID or not.”
Apple has fixed a flaw already.
No comments:
Post a Comment