‘Sign In With Apple’ Flaw Allowed Attackers Unauthorized Access To Linked Third-Party Services

One of the changes Apple introduced to its platforms last year was a new service called “Sign in with Apple”. This is basically a login service where you use your Apple ID to sign up and sign into online services. This is in addition to other login services offered by the likes of Facebook and Google and was created as an alternative sign-in service with an emphasis on privacy.

Unfortunately for Apple, it seems that the service does have its flaws, as discovered by researcher Bhavuk Jain in which due to a vulnerability, it would have allowed attackers to gain unauthorized access to third-party services that are associated with the user’s “Sign in with Apple”.

Speaking to The Hacker News, Bhavuk said, “The impact of this vulnerability was quite critical as it could have allowed a full account takeover. Many developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins. To name a few that use Sign in with Apple – Dropbox, Spotify, Airbnb, Giphy (now acquired by Facebook).”

The good news is that this particular flaw has since been patched by Apple, and according to an internal investigation carried out by Apple of their server logs, they also confirmed that this flaw was not exploited to compromise any accounts.

Tyler Lee
Categories: Apple, General
Tags: Hack, Privacy, Security