Red Security
News $100,000 Bounty Apple Zero-day Bug in “Sign in with Apple” Let Hackers Take Takeover




$100,000 Bounty Apple Zero-day Bug in “Sign in with Apple” Let Hackers Take Takeover - Mr.Kurd - 06-01-2020

In the Name of Allah
Al-Salam Alekum


Hello guys, coming back after a break :) Looks like Apple is very cute :D
Quote: An Indian security researcher found a critical zero-day vulnerability in “Sign in with Apple” that let hackers take over third-party application accounts by just having their email ID.


Very similar to OAuth 2.0, Apple’s “Sign in with Apple” helps users sign in to their third-party apps and websites faster using their Apple ID, without filling out forms or verifying email addresses.

This feature is used by millions of Apple users to sign in to their third-party apps such as Dropbox, Spotify, Airbnb, and Giphy, and the bug is considered “Critical” as it could have allowed full account takeover by remote attackers.

Bhavuk Jain, the security researcher from India who reported this critical vulnerability to Apple, said: “Successful exploitation of the bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”
 
The Source

Thank you :)
Wa Salam Alekum