Apple, last year, introduced the Sign-in with Apple feature for users to log in to third-party apps using their Apple ID. The functionality was discovered to have a security flaw that allowed hackers to access the other accounts signed in with the Apple ID. Read on to know more about the security issue.
Sign-in with Apple flaw
As per a report by The Hacker News, the security flaw was present in the method of Sign-in with Apple's validation process from Apple's authentication servers. It was discovered by vulnerability researcher Bhavuk Jain that Apple's sign-in process wasn't validating a user, which could easily be exploited by the hackers.
To put things into perspective, Apple generates a JSON Web Token (JWT) with secret information that is used by apps to identify a user while he or she uses Sign-in with Apple to log into the app. However, Jain found out that the token wasn't being generated and Apple was only asking users to use their Apple IDs to log in.
This way, hackers could easily provide a different Apple ID to the servers and dupe the authentication servers to generate a JWT. Upon the generation of the token, the hackers could access the third-party apps signed-in with Apple. However, this wouldn't affect the Apple ID in question.
Bhavuk Jain told The Hacker News, "The impact of this vulnerability was quite critical as it could have allowed a full account takeover. Many developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins. To name a few that use Sign in with Apple - Dropbox, Spotify, Airbnb, Giphy (now acquired by Facebook),"
It is further suggested that the issue could work even if a user hid the email ID from the third-party apps and be used to create a new account using the Apple ID compromised.
However, the vulnerability has now been fixed by Apple and the Cupertino tech major rewarded Jain with $100,000 as part of the Bug Bounty Program.