• Sign in with Apple vulnerability could have led to account takeovers

    1 month ago - By Tech Radar

    A critical vulnerability in Apple's ' Sign in with Apple ' system could have allowed remote attackers to take over targeted user accounts on third-party services and apps. The company's Sign in with Apple feature, which launched at WWDC 2019 , gives users the ability to login to third-party apps and websites using their Apple ID. The feature also helps protect users' privacy as they can use its 'hide my email' function to withhold their email addresses from apps and sites. Independent security researcher Bhavuk Jain first discovered the bug in Sign in with Apple last month and the company...
    Read more ...

     

  • Apple fixes bug that could have given hackers unauthorized to user accounts

    Apple fixes bug that could have given hackers unauthorized to user accounts

    1 month ago - By Ars Technica

    Enlarge
    Sign in with Apple-a privacy-enhancing tool that lets users log into third-party apps without revealing their email addresses-just fixed a bug that made it possible for attackers to gain unauthorized access to those same accounts.
    “In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn't implement their own additional security measures,” app developer Bhavuk Jain wrote on Sunday. “This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a...
    Read more ...