Sign-in with Apple flaw allowed attackers access to other user’s Apple IDs

Recently, a critical vulnerability in Apple’s ‘Sign-in with Apple’ was reported by security researcher Bhavuk Jain. The login flaw left third-party apps that rely on the feature open to account takeover.

This weakness in the ‘Sign-in with Apple’ authentication option could potentially have allowed attackers to extract private user data and carry out other malicious acts. Jain was rewarded $100,000 by Apple for flagging the security issue.

Jain found the bug and reported it to Apple through its bounty program. According to sources, the bug is now fixed. It had the potential to let attackers bypass authentication from the client side and easily take over a user’s accounts in third-party apps accessed via ‘Sign-in with Apple’.

Sign-in with Apple


The aforementioned authentication feature was launched in 2019 as a privacy-focused sign-in tool that allows users to log in to third-party websites and applications securely. The authentication process relies on auto-generated JSON Web Tokens (JWTs) that contain identity information, which the third-party application uses to confirm the identity of the user who is signing in.

Bhavuk Jain discovered that even though the company required users to log into their Apple accounts before initiating the request, there was no validation that the same user was the one requesting the JWT in the next step. This missing validation could have allowed an attacker to supply a different Apple ID belonging to any victim and trick the service into issuing a valid token for it.
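The missing check described above, modelled as an added example that is not from the article or from Apple: a simplified token-issuing step in which the flawed version signs a JWT for whatever identity the request names, while the fixed version first confirms that the identity belongs to the account authenticated in step 1. The HMAC signing, session store, issuer, audience and e-mail addresses are all constructed for the demo (a real provider signs with an asymmetric key).

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret; a real identity provider signs ID tokens with an
# asymmetric key and publishes the public half, so relying parties hold no secret.
SIGNING_KEY = b"constructed-demo-key"
ISSUER, AUDIENCE = "https://idp.example", "com.example.thirdpartyapp"

# Constructed session store: step 1 (the user logging into their own account)
# has already happened and left this record behind.
SESSIONS = {
    "sess-attacker": {"sub": "user-001", "emails": {"attacker@example.com"}},
}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_jwt(claims: dict) -> str:
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(mac)}"

def decode_claims(token: str) -> dict:
    # What the relying party does: verify the signature, then trust the claims.
    head, body, mac = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), mac):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def issue_token_flawed(session_id: str, requested_email: str) -> str:
    # Models the reported bug: the caller is authenticated (a session exists),
    # but the identity placed in the token is whatever the request named.
    SESSIONS[session_id]  # raises KeyError if not logged in; nothing else is checked
    return sign_jwt({"iss": ISSUER, "aud": AUDIENCE, "email": requested_email,
                     "exp": int(time.time()) + 300})

def issue_token_fixed(session_id: str, requested_email: str) -> str:
    # The missing validation: the identity asserted in the token must belong to
    # the account that authenticated in step 1.
    session = SESSIONS[session_id]
    if requested_email not in session["emails"]:
        raise PermissionError("requested identity does not belong to the authenticated user")
    return sign_jwt({"iss": ISSUER, "aud": AUDIENCE, "sub": session["sub"],
                     "email": requested_email, "exp": int(time.time()) + 300})
```

Run against the constructed session, the flawed issuer hands back a correctly signed token for an e-mail the caller never proved ownership of, which is exactly why signature verification alone on the relying-party side could not have caught it.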

He further claimed that this vulnerability affected even users who chose to hide their email IDs from third-party applications, and that it could also be exploited to sign up a new account with the victim’s Apple ID. You can read full details about this issue on Jain’s blog:

“The impact of this vulnerability was quite critical as it could have allowed a full account takeover. Many developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins. To name a few that use Sign in with Apple – Dropbox, Spotify, Airbnb, Giphy,”

Apple acknowledged the ‘Sign-in with Apple’ authentication issue and promptly resolved the security weakness. The company also released a statement saying that, after a thorough investigation, it had confirmed the flaw did not compromise any Apple account.

A cybersecurity company ZecOps also recently notified Apple about some vulnerabilities they found in the iOS Mail app on iPhones. Apple investigated the issue and quickly released a statement expressing that the issue posed no threat to any user data.
