Cyber security news for all

More

    A critical vulnerability in Apple’s convenient sign in service

    The vulnerability allows an attacker to authenticate himself as any user to a service or app that uses the Apple login service. This would allow the attacker to act as this user within the service or app, to completely take over the Apple account within this context.

    After authentication with the Apple login server is complete, an exchange begins between the third party service or app and the Apple server web tokens. Here,experts were able to inject modified tokens with a foreign identity and pretend to be the third party provider as this identity because Apple did not check whether the originally authenticated user and the user identity in the tokens match.

    The method also worked if the Apple identity remained hidden from the third party provider and even if a new Apple user identity was created with the login. Third party providers who implement a second authentication method in addition to Apple’s login service were unlikely to be affected by the problem.

    In an interview with The Hacker News, Bhavuk Jain revealed that the vulnerability he discovered resided in the way Apple was validating a user on the client-side before initiating a request from Apple’s authentication servers.

    Fixed Bug In Apple’s Code

    Apple has closed the gap before it became known. The error was in Apple’s code alone, not in other implementation. According to the company, after evaluating the server logs, no case was found in which this vulnerability was used to take the identity of a user without authorization. Apple’s registration alternative to similar services from Google is intended to provide a convenient, secure authentication method for Apple users who do not want to create a separate user account for each app. Since autumn, apps in Apple’s app stores have had to implement the service if they are already using comparable services from competitors.

    As an alternative to the update, you can also simply switch to another mail app. Gmail users can use the Gmail app, for example. Anyone who spends a lot of time on the PC may be happy with the app. If you are looking for a more flexible mail client, you should try another one. Not only is it chic to look at, it also offers a few cool additional options that Apple’s standard mailer lacks.It is not necessary, but if you like, you can also delete the mail app from the iPhone. Simply tap the app icon a little harder and select it from the Delete app menu.

    Recent Articles

    Russian Cybercriminal Behind “Cardplanet” Site Sentenced

    According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has...

    Hackers Used Malicious Docker Images to Mine Monero

    Researchers found malicious images on Docker Hub used for crypto mining. Palo Alto Networks' Unit  42, unraveled a crypto mining scheme which uses malicious Docker...

    NSA outlines requirements for secure collaboration services for US government telework

    The new National Security Agency (NSA) guidelines are a window of security for users. Everyone has been trying to return to their lives since...

    Cybercriminals threaten to sell off “scandalous” files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles

    There's no escaping these cybercriminals. In a recent case of "cyber-extortion," threat actors known as REvil, are threatening to expose celebrity "dirt." These threat actors...

    Twitter apologises for exposed customers data

    In what is described as a "data security incident," sensitive details of Twitter's customers were exposed. Unlike other cases of a breach which are...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox