
'Sign in with Apple' flaw let attackers take over accounts


Chris Velazco/Engadget

‘Sign in with Apple’ is potentially more private than other login options, but it apparently included a serious security flaw. Researcher Bhavuk Jain recently received a $100,000 bug bounty for discovering a flaw (via Hacker News) in the sign-in service as offered through third-party apps. If an app didn’t have its own security measures, an attacker could forge a token linked to any email ID and verify it as ‘valid’ using Apple’s public key. That could allow a “full account takeover” even if you chose to hide your email from other services, Jain said.

Jain found the flaw in April, and it’s already fixed. Apple said there was no evidence of accounts being compromised as a result of the flaw.

There shouldn’t have been any damage done as a result. Nonetheless, the bug probably isn’t what Apple wanted to grapple with in the wake of a string of security issues, including an earlier Mail vulnerability. It’s fixing issues quickly — the question is whether or not it can cut down on these issues going forward.
