Apple TV+ Confirms ‘For All Mankind’ Season 5, Announces Spinoff ‘Star City’
Following the success of its fourth season, Apple TV+ has just renewed its critically acclaimed space drama "For All Mankind" for a fifth season.
Researcher Discovers Serious ‘Sign in With Apple’ Security Flaw, Receives $100,000 USD Bug Bounty
“Sign in with Apple” is potentially more private than other login options, but it apparently included a serious security flaw.
A new report from The Hacker News explains that researcher Bhavuk Jain recently received a $100,000 USD bug bounty for discovering a flaw in the sign-in service when available through third-party apps.
The Zero Day vulnerability could have allowed a hacker to break into an Apple user’s account who log into third-party apps like like Dropbox, Spotify, Airbnb, Giphy, and more.
If an app didn’t have its own security measures, an attacker could forge a token linked to any email ID and verify it as “valid” using Apple’s public key. That could allow a “full account takeover” even if you chose to hide your email from other services, Jain explained.
According to Jain, the “Sign in with Apple” works similarly to “OAuth 2.0.” “There are two possible ways to authenticate a user by either using a JWT (JSON Web Token) or a code generated by the Apple server. The code is then used to generate a JWT,” he explained.
In the second step, while authorizing, Apple gives an option to a user to either share the Apple Email ID with the third-party app or not. If the user decides to hide the Email ID, Apple generates its own user-specific Apple relay Email ID.
“Depending upon the user selection, after successful authorization, Apple creates a JWT which contains this email ID which is then used by the 3rd party app to login a user,” said Jain.
He found that he could request JWTs for any email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid.
“This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account,” Jain noted.
Launched in 2019, “Sign in with Apple” is aimed to be a more privacy-focused alternative to third-party logins.
P.S. Help support us and independent media here: Buy us a beer, Buy us a coffee, or use our Amazon link to shop.
Other articles in the category: News
Delta Game Emulator Launches on App Store and AltStore in EU
Riley Testut, the developer behind the highly-anticipated Delta game emulator, has launched the app on the App Store, and also on the AltStore in EU.
Apple Boosts Clean Energy and Water Investments Worldwide
Apple has announced significant strides towards Apple 2030, aiming to achieve carbon neutrality across its entire supply chain by the end of the decade.