Apple fixes bug that could have given hackers full access to user accounts
Sign in with Apple-a privacy-enhancing tool that lets users log in to third-party apps without revealing their email addresses-just fixed a bug that made it possible for attackers to gain unauthorized access to those same accounts.
In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn't implement their own additional security measures," app developer Bhavuk Jain wrote on Sunday. This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not."
Jain privately reported the flaw to Apple under the company's bug bounty program and received a hefty $100,000 payout. The developer shared details after Apple updated the sign-in service to patch the vulnerability.
Read 5 remaining paragraphs | Comments