The recent “Sign in with Apple” vulnerability earned a researcher $100,000 as part of Apple’s bug bounty program. The flaw itself arose from an OAuth-style implementation that did not properly validate JSON Web Token (JWT) authentication between requests. This would have allowed a malicious actor to “Sign in with Apple” using anyone’s Apple ID.
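As an added illustration (not code from the article), the checks a relying party must apply to an identity token in an OAuth-style sign-in before trusting it: signature, issuer, audience, expiry, and binding the subject to the session that began the request; the weak path that skips them is shown beside it. HMAC-SHA256 stands in for Apple's RSA signing so the example runs with the standard library only, and the key, client ID and subject values are constructed.

```python
"""Identity-token validation on the relying-party side.

Added example, not the article's code. Apple signs identity tokens with RSA;
HMAC-SHA256 is used here only so the example needs nothing beyond the stdlib.
"""
import base64
import hashlib
import hmac
import json

ISSUER = "https://appleid.apple.com"  # issuer value used by Sign in with Apple


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(key: bytes, claims: dict) -> str:
    """Stand-in for the identity provider (test helper): builds an HS256 JWT."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"


def weak_accept(token: str) -> dict:
    """Anti-pattern: trusts the payload as-is, no signature or claim checks."""
    return json.loads(_unb64url(token.split(".")[1]))


def verify_token(token: str, key: bytes, client_id: str, session_sub: str, now: float) -> dict:
    """Verify the signature first, then pin iss/aud/exp and bind sub to the session."""
    try:
        head, body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    # The key is chosen by us, never from the token's alg header, so that header is ignored.
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("signature invalid")
    claims = json.loads(_unb64url(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != client_id:
        raise ValueError("token not issued for this client")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if claims.get("sub") != session_sub:
        raise ValueError("subject does not match the session that started the sign-in")
    return claims
```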