HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
Filip TRUTA @FilipTrout
    Share This!
  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • ReddIt
Industry News

Researcher Reports Zero-Day ‘Sign in with Apple’ Bug that Could Allow Full Account Takeover

9 months ago
2 Min Read

Infosec researcher Bhavuk Jain has pocketed a handsome $100,000 from Apple’s bug bounty program after reporting a critical flaw that could have allowed malicious actors to bypass authentication and take over a user’s account.

Released to much fanfare at the annual Worldwide Developers Conference (WWDC) in 2019, ‘Sign in with Apple’ enables users to log into a third-party account without disclosing their email address.

“In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not,” Bhavuk writes on his blog.

Apple’s sign-in feature is similar to OAuth 2.0 in that it authenticates a user either via a JSON Web Token or a code generated on Apple’s end. With the JWT generated, Apple generates its own relay ID which goes into the JWT for authentication. However, Bhavuk found that he could request JWTs for any email ID from Apple, “and when the signature of these tokens was verified using Apple’s public key, they showed as valid.”

“This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account,” he explains.

If exploited correctly, the vulnerability could have allowed full account takeover. A lot of third-party apps and services are already integrated with ‘Sign in with Apple,’ including Dropbox, Spotify, Airbnb, and Giphy.

Apple reportedly awarded the researcher $100,000 for his discovery. Bhavuk responsibly reported the flaw to the iPhone makers last month and waited until the company patched the vulnerability on their end before publishing his findings.

Tagsapple Apple security iOS sign in with apple sign in with apple bug

You may also like

Industry News

New ObliqueRAT Malware Campaign Now Integrates Steganography, Researchers Finds

14 hours ago
Industry News

Microsoft Issues Exchange Server Updates for Four 0-Day Vulnerabilities Used by Chinese Hafnium APT

2 days ago
Industry News

Android Security Bulletin: Google Issues Fix for Critical Remote Code Execution Flaw in Android System

2 days ago

About the author

View All Posts

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

Data Breach at Independent Artist Marketplace Affects 5 Million Users
Pablo Escobar’s brother says FaceTime flaw revealed his address, sues Apple for a publicity stunt (and $2.6 billion)
    Share This!
  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • ReddIt

Promo

1.3m
Fans
Like
104.8k
Followers
Follow
2.7k
Subscribers
Subscribe
18
Subscribers
subscribe
1.4m
Fans Love us

Recent shouts

  • Meurig Parri on Microsoft Ends Support for Windows 7. What You Need to Know
  • Kevin on Cable Haunt vulnerability affects millions of Broadcom cable modems
  • Terry on Ransomware attack forces Arkansas CEO to fire 300 employees days before Christmas
  • Martin on 1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre
  • Xander on 1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre

Time Machine

March 2021
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  
« Feb    

ANTIVIRUS SOFTWARE FOR HOME USERS

Bitdefender Cybersecurity for Smart Home
Bitdefender Complete Protection
Bitdefender PC Protection
Bitdefender Antivirus for Mac
Bitdefender Mobile Security for Android
Bitdefender Product Comparison

BUSINESS SOLUTIONS

Bitdefender GravityZone Business Security
Bitdefender GravityZone Advanced Business Security
Bitdefender GravityZone Enterprise Security
Bitdefender Hypervisor Introspection

TOOLS & RESOURCES

Renewal for Business Customers
Trial Downloads
Free Antivirus
Free Online Virus Scanner
Free Virus Removal Tools
Live Remote Assistance
Free Tools
Bug Bounty
Press Center

Powered by Bitdefender - a leading cyber security technology provider | Copyright © 2008 - 2016. All rights reserved.
  • Home
  • The Team
  • Terms and Conditions
  • Contact
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok