
Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account
2020-05-30 08:43

In an interview with The Hacker News, Bhavuk Jain revealed that the vulnerability he discovered resided in the way Apple validated a user on the client side before the token request was made to Apple's authentication servers.

Bhavuk found that although Apple asks users to log in to their Apple account before initiating the request, it did not validate that the same person was requesting the JSON Web Token (JWT) in the next step from its authentication server.

"I found I could request JWTs for any Email ID from Apple, and when the signature of these tokens was verified using Apple's public key, they showed as valid. This means an attacker could forge a JWT by linking any Email ID and gaining access to the victim's account," Bhavuk said.
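As an added example (not from the article, the researcher, or Apple's code), the following Python models the issuance check described above: the vulnerable version only requires a logged-in session, while the fixed version also requires the requested address to belong to that session's account. The signing key, issuer string and session structure are constructed for the demo; Apple signs its tokens with an RSA key pair, while HMAC-SHA256 is used here only to keep the example self-contained.

```python
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"demo-signing-key"        # constructed; Apple uses an RSA key pair (RS256)
ISSUER = "https://issuer.example"        # constructed placeholder for the real issuer


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_jwt(claims: dict) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str) -> dict:
    """Signature check only: a token for the wrong email still verifies, which is the point of the bug."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


class AuthError(Exception):
    pass


def issue_token_vulnerable(session: dict, requested_email: str) -> str:
    # The flaw as the article describes it: only "is someone logged in?" is checked;
    # the email placed into the token is never compared with the logged-in account.
    if not session.get("authenticated"):
        raise AuthError("not logged in")
    return sign_jwt({"iss": ISSUER, "email": requested_email, "iat": int(time.time())})


def issue_token_fixed(session: dict, requested_email: str) -> str:
    # Hardened: the email claim must be one the authenticated account actually controls.
    if not session.get("authenticated"):
        raise AuthError("not logged in")
    if requested_email not in session["emails"]:
        raise AuthError("email not owned by authenticated user")
    return sign_jwt({"iss": ISSUER, "email": requested_email, "iat": int(time.time())})


def issued_email(issue_fn, session: dict, requested_email: str):
    """Return the verified `email` claim issue_fn produces, or None if it refuses."""
    try:
        return verify_jwt(issue_fn(session, requested_email))["email"]
    except AuthError:
        return None
```

`session["emails"]` stands in for the set of addresses the account owns (the real address and any relay address), which is the binding the vulnerable path never consulted.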

Bhavuk responsibly reported the issue to the Apple security team last month, and the company has now patched the vulnerability.

Besides paying the researcher a bug bounty, the company also confirmed that it had investigated its server logs and found no evidence that the flaw had been exploited to compromise any account.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/T19SZVK-b7s/sign-in-with-apple-hacking.html