In The Name OF Allah
Al-Salam Alekum
![[Image: Sign+in+with+Apple.jpg]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz0h2FkUxjVmtcCCtpUTlGEJ7ckNF_L6BrZ5vwS8APiTL63bAqPHiP1U-R9mhiUFnLww7iiJvphHL8I-zH_0EJbAcPhBHuGa17gQAE3KoxenqTjBVhyphenhypheneCsaKhxYvOav_6CM2Gcw7zM2XN1/s1600/Sign+in+with+Apple.jpg)
Hello guys, Coming back after a break
Looks like apple is very cute 
Quote:Indian Security researcher found a critical Zero-day vulnerability in “Sign in with Apple” let hackers take over the third-party application accounts by just having their Email ID.
Very Similar to OAuth 2.0, Apple’s “sign in with Apple” helping the user to sign in to their third-party apps and websites faster using their Apple ID without filling out forms, verifying email addresses.
This feature is using million of Apple users to sign in their Third-party apps such as Dropbox, Spotify, Airbnb, Giphy, and the bug considering as “Critical” as it could have allowed full account takeover by the remote attackers.
Bhavuk Jain , Security Researcher from India reported this critical vulnerability to Apple said: “Successfully exploitation of the bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”
The Source
Thank you
Wa Salam Alekum
* This article was originally published here
Comments
Post a Comment