Apple has fixed a bug in its Sign in with Apple tool, which allows users to log in to third-party apps without revealing their email addresses, that could have enabled attackers to gain access to those accounts.
App developer Bhavuk Jain reported the zero-day vulnerability in the privacy-enhancing tool to Apple as part of the company's bug bounty program, and received a $100,000 reward.
Sign in with Apple logs in users with either a JSON Web Token (JWT) or a code generated by an Apple server, which is then used to generate a JWT.
Users can either share their Apple email ID with the third party or keep it hidden; in the latter case, Apple creates a JWT that contains a user-specific relay ID.
Jain found that an attacker could forge a JWT by linking any email ID to it, which would provide access to the victim's account.
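The JWT flow described above, as an added example that is not from the Ars Technica article or from Apple's code: a relying-party check of the identity token (RS256 signature, `alg`, issuer, audience, expiry) that keys the account on the stable `sub` claim rather than on the email claim. It assumes Apple's public signing key has already been fetched from its JWKS endpoint; `Mint` is a constructed stand-in for Apple's issuer, and the client ID and claim values are made up.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
// Claims is the subset of the Sign in with Apple identity token a relying party checks.
type Claims struct {
	Iss   string `json:"iss"`
	Aud   string `json:"aud"`
	Sub   string `json:"sub"`   // Apple's stable per-user identifier, the right account key
	Email string `json:"email"` // real or relay address; informational, not an identity key
	Exp   int64  `json:"exp"`
}
var b64 = base64.RawURLEncoding
// Mint is a constructed stand-in for Apple's token service so the example runs offline.
func Mint(c Claims, key *rsa.PrivateKey) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(c)
	signed := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	d := sha256.Sum256([]byte(signed))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
	return signed + "." + b64.EncodeToString(sig)
}
// VerifyIDToken checks alg, signature, issuer, audience and expiry (now in Unix seconds)
// against pub (Apple's signing key, from its JWKS endpoint in production) and returns "sub".
func VerifyIDToken(token string, pub *rsa.PublicKey, clientID string, now int64) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", errors.New("malformed token")
	}
	hdrJSON, e1 := b64.DecodeString(p[0])
	bodyJSON, e2 := b64.DecodeString(p[1])
	sig, e3 := b64.DecodeString(p[2])
	var hdr struct{ Alg string } // encoding/json matches "alg" case-insensitively
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "RS256" {
		return "", errors.New("bad encoding or unexpected alg") // rejects alg=none and HMAC confusion
	}
	d := sha256.Sum256([]byte(p[0] + "." + p[1])) // the signature covers the raw encoded segments
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) != nil {
		return "", errors.New("bad signature")
	}
	var c Claims
	if json.Unmarshal(bodyJSON, &c) != nil || c.Iss != "https://appleid.apple.com" || c.Aud != clientID || c.Exp <= now || c.Sub == "" {
		return "", errors.New("claims rejected")
	}
	return c.Sub, nil
}
```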
From Ars Technica
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA