Delhi security expert Bhavuk Jain discovered a significant vulnerability in “Sign in with Apple”
When Apple announced the new “Sign in with Apple” feature at its developer conference in June 2019, it described it as the safest and fastest way to log into apps and sites. The idea is, in general, good – to use Apple’s secure authentication system instead of social network accounts that collect sensitive data. At the same time, the personal email address remained hidden, and a randomly generated email address was used instead.
Nearly a year later, Bhavuk Jain, a security expert from Delhi, discovered a significant vulnerability in the “Sign in with Apple” functionality that could allow an attacker to access an account using only the victim’s email ID. The flaw made it possible to completely take over other people’s accounts on third-party platforms that have installed the “Sign in with Apple” button, regardless of whether that person uses an Apple email address. Apple considered the vulnerability so significant that it paid the specialist $100,000.
As Bhavuk Jain himself states, Apple conducted an internal investigation and determined that no accounts were hacked or misused before the vulnerability was fixed. Recently, the “Sign in with Apple” button has been installed by Dropbox, Spotify, Airbnb, Giphy and many other applications.
Recently, several media outlets reported that Apple has registered an official representative office in Ukraine. This is evident from the registration record of TOV “EPPL Ukraine” in the Unified State Register of Legal Entities. The Apple press service has not yet commented on opening the office in Ukraine.
Source: Forbes