Friday, October 23, 2020

Sign in with Apple Bug Let Hackers Take Over Apple User Accounts


An Indian security researcher found a critical zero-day vulnerability in “Sign in with Apple” that let attackers take over users’ third-party application accounts with nothing more than the victim’s email ID.

Very similar to OAuth 2.0, Apple’s “Sign in with Apple” lets users sign in to third-party apps and websites faster with their Apple ID, without filling out forms or verifying email addresses.

Millions of Apple users rely on this feature to sign in to third-party apps such as Dropbox, Spotify, Airbnb and Giphy, and the bug is rated “Critical” because it could have allowed remote attackers to take over accounts completely.

Bhavuk Jain, the security researcher from India who reported this critical vulnerability to Apple, said: “Successful exploitation of the bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”

The Account Takeover Zero-Day

Jain explained that Sign in with Apple uses a JWT (JSON Web Token) generated by Apple’s server to securely authenticate the user with an email ID and allow them to log in to the third-party app.

But due to improper validation, the zero-day let an attacker request JWTs for any email ID from Apple; because the signatures of these tokens verified correctly under Apple’s public key, the tokens, and the email IDs inside them, were accepted as valid.

This let an attacker forge a JWT linked to any email ID and gain access to the victim’s third-party account.

“I found I could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid. This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account.” Jain explained in a blog post.

Jain also confirmed that the bug could be exploited even against users who chose to hide their email ID, since Apple generates its own user-specific Apple relay email ID.

Apple also awarded a $100,000 bounty under the Apple Security Bounty program for ethically reporting the critical vulnerability.

Apple’s security team confirmed, after investigating its server logs, that the bug was not exploited, and the bug has been fixed.
