Red Security

Full Version: $100,000 Bounty Apple Zero-day Bug in “Sign in with Apple” Let Hackers Take Takeover
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
In The Name OF Allah
Al-Salam Alekum

[Image: Sign+in+with+Apple.jpg]

Hello guys, Coming back after a break Smile  Looks like apple is very cute Big Grin 
Quote:Indian Security researcher found a critical Zero-day vulnerability in “Sign in with Apple” let hackers take over the third-party application accounts by just having their Email ID.


Very Similar to OAuth 2.0, Apple’s “sign in with Apple” helping the user to sign in to their third-party apps and websites faster using their Apple ID without filling out forms, verifying email addresses.

This feature is using million of Apple users to sign in their Third-party apps such as Dropbox, Spotify, Airbnb, Giphy, and the bug considering as “Critical” as it could have allowed full account takeover by the remote attackers.

Bhavuk Jain , Security Researcher from India reported this critical vulnerability to Apple said: “Successfully exploitation of the bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”
 
The Source

Thank you Smile
Wa Salam Alekum