Vulnerability in “Sign in with Apple”
“Sign in with Apple” is more secure than other methods. However, it looks like it may also have some vulnerabilities. Bhavuk Jain, a security researcher, recently discovered a new zero-day vulnerability in Apple’s system whereby third-party apps could leak users’ personal information without any knowledge of the device owner. If an app doesn’t have its own security measures, a potential hacker could forge a certificate that would link to any email ID and pass as authentic via Apple’s public key. This can happen even though you put your email address in a hidden folder or set up two-factor authentication so no one could access your account.
Apple found and fixed a vulnerability in its system that Jain discovered in April. The company awarded Jain $100,000 as part of their bug bounty program. They warned that there is no evidence to believe a single account was compromised because of the bug.
Hackers were able to take over your information without you knowing about it. This could have even left your account completely unusable and make it difficult for you to login in the future. Many developers are using Sign in with Apple to allow users to log into these apps with their Facebook Stories or Spotify accounts, among others.
Gather more information on the Apple feature by visiting the official support website following this link, https://support.apple.com/en-us/HT210318 .
If you liked this post on the vulnerability in “Sign in with Apple” detected, then you might also enjoy this one or this one.
Author: PC-GR
The World of Technology
