Cyber security news for all

More

    A critical vulnerability in Apple’s convenient sign in service

    The vulnerability allows an attacker to authenticate himself as any user to a service or app that uses the Apple login service. This would allow the attacker to act as this user within the service or app, to completely take over the Apple account within this context.

    After authentication with the Apple login server is complete, an exchange begins between the third party service or app and the Apple server web tokens. Here,experts were able to inject modified tokens with a foreign identity and pretend to be the third party provider as this identity because Apple did not check whether the originally authenticated user and the user identity in the tokens match.

    The method also worked if the Apple identity remained hidden from the third party provider and even if a new Apple user identity was created with the login. Third party providers who implement a second authentication method in addition to Apple’s login service were unlikely to be affected by the problem.

    In an interview with The Hacker News, Bhavuk Jain revealed that the vulnerability he discovered resided in the way Apple was validating a user on the client-side before initiating a request from Apple’s authentication servers.

    Fixed Bug In Apple’s Code

    Apple has closed the gap before it became known. The error was in Apple’s code alone, not in other implementation. According to the company, after evaluating the server logs, no case was found in which this vulnerability was used to take the identity of a user without authorization. Apple’s registration alternative to similar services from Google is intended to provide a convenient, secure authentication method for Apple users who do not want to create a separate user account for each app. Since autumn, apps in Apple’s app stores have had to implement the service if they are already using comparable services from competitors.

    As an alternative to the update, you can also simply switch to another mail app. Gmail users can use the Gmail app, for example. Anyone who spends a lot of time on the PC may be happy with the app. If you are looking for a more flexible mail client, you should try another one. Not only is it chic to look at, it also offers a few cool additional options that Apple’s standard mailer lacks.It is not necessary, but if you like, you can also delete the mail app from the iPhone. Simply tap the app icon a little harder and select it from the Delete app menu.

    Recent Articles

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox