“Sign in with Apple” – security hole closed

by Milan
May 31, 2020

A critical security vulnerability allowed attackers to gain access to accounts that used “Sign in with Apple” – now Apple has fixed the bug. 

The vulnerability was discovered by Bhavuk Jain, a security researcher, and reported as part of Apple's Bug Bounty program. According to the report:

Bhavuk noted that while Apple requires users to sign in to their Apple account before triggering the request, it was not validated when the same person requested a JSON Web Token (JWT) from their authentication server in the next step.

Therefore, the lack of validation in this part of the mechanism could have allowed an attacker to provide a separate Apple ID of a victim and thus trick Apple servers into generating a JWT payload valid to log into a third-party service using the victim's identity.
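
The missing check described in the report, sketched as an added example (not Apple's code and not part of the original article): a token issuer that trusts the identity named in the request, beside one that binds the token to the identity the session actually signed in as. The session store, function names, HMAC signing and claim layout are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # assumption: real issuers sign with a private key
SESSIONS = {"sess-alice": "alice@example.com"}  # constructed: session -> signed-in identity

class IdentityMismatch(Exception):
    """Requested identity differs from the identity of the signed-in session."""

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_jwt(claims: dict) -> str:
    """Build a compact HS256 JWT (header.payload.signature)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{b64url(mac.digest())}"

def decode_claims(token: str) -> dict:
    """Return the payload claims after checking the signature."""
    header, payload, sig = token.split(".")
    mac = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256)
    if not hmac.compare_digest(b64url(mac.digest()), sig):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def issue_token_flawed(session_id: str, requested_email: str, audience: str) -> str:
    """Flaw as reported: a session is required, but the identity in the request is trusted."""
    if session_id not in SESSIONS:
        raise PermissionError("not signed in")
    return sign_jwt({"sub": requested_email, "aud": audience, "iat": int(time.time())})

def issue_token_fixed(session_id: str, requested_email: str, audience: str) -> str:
    """Bind the token to the session: reject any identity the session did not prove."""
    authenticated = SESSIONS.get(session_id)
    if authenticated is None:
        raise PermissionError("not signed in")
    if requested_email.strip().casefold() != authenticated.casefold():
        raise IdentityMismatch("requested identity is not the signed-in identity")
    return sign_jwt({"sub": authenticated, "aud": audience, "iat": int(time.time())})

if __name__ == "__main__":
    token = issue_token_flawed("sess-alice", "bob@example.com", "third-party-app")
    print("flawed issuer signed a token for:", decode_claims(token)["sub"])
    try:
        issue_token_fixed("sess-alice", "bob@example.com", "third-party-app")
    except IdentityMismatch as exc:
        print("fixed issuer refused:", exc)
```

The fixed issuer takes the subject claim from the session rather than from the request, so a mismatch is refused before anything is signed.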

$100,000 reward for the find

Affected, therefore, were accounts for third-party services created using "Sign in with Apple". Applications that have additional security measures for verification are excluded. Among other things, Jain explained:

"The impact of this vulnerability was quite critical as it could have allowed a complete takeover of the accounts. Many developers have integrated Sign in with Apple as it is mandatory for applications that support other social logins. To name a few that use Sign in with Apple - Dropbox, Spotify, Airbnb, Giphy (now acquired by Facebook)," Jain wrote.

The security researcher received a total of 100,000 US dollars as a reward for this discovery. Apple has now reportedly closed the security hole. According to the company, however, the vulnerability was not exploited - at least there is no evidence of this. It should also be emphasized at this point that the Apple account itself was never at risk. (Photo by manae / Bigstockphoto)
