Apple paid 100 thousand dollars. for finding a vulnerability in the Sign in with Apple service

Log in with Apple is a new login method that was meant to protect our privacy. Apple has just paid 100,000 dollars. to the developer who found a hole in it.

Apple in iOS 13 introduced a new method of user authorization in mobile applications. From now on, instead of providing software developers with your data or logging in with services such as Facebook or Google, you can use the Log In with Apple service and protect your privacy .

Although some doubt is raised by the fact that Apple used a stick, not a carrot , to encourage developers, but the new solution boasted even Tim Cook's biggest competitor . Thanks to it, service providers will never know the user's email address, which makes it easier to defend against spam.

Unfortunately, it turned out that an error appeared in the Log in with Apple service, which could result in the loss of access to data.

The matter was described by the author of the blog bhavukjain.com . He explained that it was enough to know the Email ID parameter to access the online service using Log in with Apple. The developer detected this zero-day vulnerability as early as April and it affected all sites using this login method that did not implement additional security on their side.

In the blog entry, the developer explains that the vulnerability was related to the user authorization method. It uses either the JSON web token (JSON Web Token, JWT), or codes generated on Apple servers, on the basis of which JWT was created. This works similar to the OAuth 2.0 method, and the way the Cupertino company solution works is explained in the diagram:

What was the error in Sign in with Apple ?

The developer explains that in a situation where the user decides to hide his Apple ID from the service provider, Apple generates an Email ID for the needs of this one application. Then JWT is generated, which contains the Email ID parameter, and online services use it for authorization.

It turned out that in April it was possible to request JWT for any Apple Email ID and verify the token signature using a public key. If someone got to know the Email ID, they could get an artificially generated JSON web token and gain full access to the account.

It's so good that Apple explains that zero-day has never been used, and the error in the Apple Log In service has already been patched. In addition, the person reporting this zero-day boasted that the company awarded her with a prize of 100,000. dollars. as part of the Apple Security Bounty program.



Apple paid 100 thousand dollars. for finding a vulnerability in the Sign in with Apple service

Comments

  1. Dwayne1/26/22, 12:31 PM

    Great job for publishing such a nice article. Your article isn’t only useful but it is additionally really informative. Read more info about Mobile App Development Services Hong Kong. Thank you because you have been willing to share information with us.

    ReplyDelete
  2. James Adam6/2/22, 8:41 AM

    This data is significant and glorious which you have shared here about the I am dazzled by the subtleties that you have partaken here and It uncovers how pleasantly you grasp this subject. I might want to gratitude for sharing this article here. Social media companies Tampa

    ReplyDelete

Post a Comment

Popular posts from this blog

What is VoLTE and how can you activate it on your Xiaomi

Image
In recent years, phone calls have evolved to achieve great sound quality. So much so that today we can find technologies such as VoLTE allowing us to make voice calls in high definition on our Xiaomi. Beyond the classic GSM networks, movistar, vodafone and other operators have integrated this technology, which in turn derives from the advantages of Internet access. Thanks to 4G or LTE networks, VoLTE allows us to make not only high-definition calls, but also to improve consumption and add other services . What is VoLTE and what are its advantages after activating it on a Xiaomi In detail, VoLTE is a technology capable of transmitting voice communications over the Internet . For this, whether we have a Redmi Note 8 Pro, a Xiaomi Mi A2 or any other smartphone from the firm, our voice will be encoded from analog to digital allowing its transmission in the form of packets through the network. With this, as we have already said, after activating VoLTE we will achieve higher sou
Read more

So you can check the battery status of your Xiaomi smartphone and how many cycles you have performed

Image
Today, our smartphone has become one of the most important tools in our day to day. That is why the duration of its battery and the state of it is very important if we want to be able to use it with total peace of mind and in a continuous way. In view of this, MIUI includes a secret menu that allows us to verify the state or health of the battery of our Xiaomi smartphone and also check the cycles that we have performed . Let's not forget that each cycle represents a full battery charge from 0% to 100% Since lithium batteries degrade with the passage of time , use and recharges that we have made, knowing these two data will give us a vision of the general state of your state and with it knowing if it has worsened considerably with the passage of weather. How to check the battery status and cycles performed on our Xiaomi smartphone To access this hidden menu in MIUI and check the battery status of our Xiaomi smartphone we will only have to perform the following steps:
Read more

How to exit the FASTBOOT mode of your Xiaomi if you have entered accidentally

Image
Although, the fastboot mode of Xiaomi phones with MIUI allows us to solve bugs or change ROMs, it is also common to enter without wanting to. If this has been your case, you most likely want to get out of Xiaomi's fastboot without spoiling anything. In general, leaving this mode that includes all Xiaomi, Redmi and POCO with MIUI is extremely simple. Even so, on certain occasions, exiting fastboot mode is more complex , either because Recovery starts or because our smartphone does not work correctly. In view of this, below we are going to explain how to exit the fastbook mode of your Xiaomi if you have entered without wanting to . In addition, if the conventional mode does not work, we will also give you other tips to exit this mode without causing any damage at the software level. How to exit Xiaomi fastboot If we have accidentally entered the Xiaomi fastboot , to exit this way we will only have to perform the following steps: Press and hold the power button for about 10
Read more

Does your Xiaomi charge slowly or intermittently? So you can fix it

Image
Does your Xiaomi charge very slowly or intermittently? This error is usually very common when our cable is in poor condition, we use a low-quality charger or even when the USB or USB Type-C port of your Xiaomi is dirty or obstructed. With a view to this, below we will explain the main steps or solutions to take if your Xiaomi charges slowly , if the charge is intermittent or if in the worst case, your mobile does not detect the USB that is connected to the socket electric. 1. Clean the USB port Although it may sound simple, in most cases slow charging problems are usually caused by a piece of paper or a speck of dust that obstructs the pins of the USB port . Taking into account the nature of this connector, it is normal that after repeated use dirt accumulates inside. A dirty USB C port is usually the main cause of slow or intermittent charging. To solve this charging problem and clean the USB C port of your Xiaomi, it is recommended to blow lightly inside the port itself.
Read more

Problems with Android Auto and your Xiaomi? So you can fix it

Image
Unfortunately Android Auto continues to present certain problems on some Xiaomi . Errors such as error 16 that prevent our smartphone from correctly linking to this Google vehicle system. Still, these bugs are largely solvable. And it is that, in most cases the impossibility of using Android Auto through our Xiaomi is given by the dual applications themselves. In view of this and taking as a source this interesting article from Mi Community , below we will explain how to solve two of the most common errors that we usually find when linking or connecting our Xiaomi to a car with Android Auto. Fix Android Auto error on Xiaomi devices One of the main errors of the type « An error has occurred » that we usually find when connecting Android Auto to our Xiaomi is related to Google Play Services . In itself, this error shows the message « It seems that Google Play Services does not work at the moment «, making it impossible to connect Android Auto to our Xiaomi. To solve it we j
Read more

If your Xiaomi disconnects only from the WiFi it may be because of that MIUI setting

Image
One of the most common problems in Xiaomi smartphones is usually related to the WiFi connection and its automatic disconnection . A quite annoying problem, which in most cases is usually caused by a bad MIUI configuration . If you have a Xiaomi, Redmi or POCO and you notice that sometimes your smartphone disconnects only from the WiFi without having taken any action, do not miss this article where we tell you how to solve it in most cases. Disconnection of WiFi on your Xiaomi, how to solve it Although it is true that the problem may be caused by some other failure, in most cases the spontaneous disconnection of the WiFi connection is caused by a bad MIUI configuration, specifically, its automatic connection to the networks with better signal . By having this option activated on our smartphone, if the WiFi signal drops at any time, it will automatically disconnect to use the data connection . To deactivate it enough to do the following steps: Go to Settings> WiFi> Wi-Fi
Read more

How to change the font in MIUI and thus further customize your Xiaomi: so you can change the type, color and size of the letters of MIUI

Image
Among the multiple options that MIUI offers us we find the possibility of changing the source of our Xiaomi . This option will not only allow us to change the font , but also change the font color and size . For this it is necessary to make use of some Asian region, be it India, Hong Kong or any other. In addition, it should be noted that this adjustment that allows us to change the source is only available for MIUI 9 , MIUI 10 and MIUI 11 , so if we have a Xiaomi Mi A2 or Xiaomi Mi A3 we will not be able to do it. How to change the font in MIUI To change the font in MIUI we must perform the following steps: Go to Settings> Additional settings> Region Next we select India or Hong Kong as a region. Go to the Themes application, download the font that we like the most from the new lower option that will appear with hundreds of fonts and then apply it. After applying it, it will be necessary to restart our Xiaomi mobile. Once done , we will have installed the ne
Read more

What is the Safe Mode of your Xiaomi, what is it for and how can you activate it

Image
In addition to the typical options that we find in the MIUI settings, Xiaomi also adds a mode called " Safe Mode " or " Safe Mode " to its smartphones. We will talk about this below, explaining its usefulness and how to activate or deactivate it on your Xiaomi, Redmi or POCO. Safe Mode allows us to start a special boot, loading only the system itself and the applications that were installed on our Xiaomi when we bought it. That is, starting the Safe Mode or Safe Mode our smartphone will start loading only the essential applications . This mode is a temporary state of our smartphone and does not make any important modification on the device. In itself, Safe Mode does not delete our data , it just starts our Xiaomi, loading the basics and essentials for its operation. Safe Mode only starts essential MIUI applications. Thanks to this, the Safe Mode will help us to rule out failures in our Xiaomi derived from the installation of an application or the modific
Read more

Improve and amplify the volume of your Xiaomi and / or headphones with these simple adjustments

Image
With the evolution of technology and the arrival of content on demand, many of us spend much of the day with our headphones on, playing music or watching series and movies. That is why many of you have asked us how to increase the volume of the headphones in Xiaomi smartphones or even how to improve the sound quality in Xiaomi AirDots or Redmi AirDots S wireless headphones. How to improve the sound and increase the volume of the headphones in MIUI of Xiaomi If what we want is to increase or amplify the volume of our headphones on a Xiaomi smartphone with MIUI we must perform the following steps: Go to Settings app> Region We will change our region to Andorra, India or any other country outside the EU. With this adjustment we will be able to "skip" the European restrictions that limit the sound volume, obtaining greater amplification , both in headphones, and through the speaker itself. Headphones with cable and jack connector Xiaomi Mi Hybrid Pro HD. In add
Read more

How to activate the second space if your Xiaomi does not have this option

Image
MIUI's Second Space functionality allows us to have two smartphones in one. A way to divide our Xiaomi into two different accounts , either for personal and work use, to perform tests or simply, to prevent our son or little brother from accessing our applications and documents. Unfortunately, terminals like the Redmi Note 10 lack this functionality . The same happens with other terminals of Xiaomi, Redmi and POCO of mid-range and entry. If we access the Settings, this functionality is not found among the various MIUI options . Even so, there is a little trick that allows us to access the Second Space functionality even if your Xiaomi does not have it . In this way we can create a second space without any type of restriction and in any Xiaomi, Redmi or POCO. Activate the second space on your Xiaomi If your Xiaomi, Redmi or POCO does not have the Second space functionality when accessing Settings> Special functions , do not worry, below we will explain how to use it with
Read more