
Finding Serious 'Sign In with Apple' Hole Earns Security Researcher a $100,000 Bug Bounty


IT security news | Direct link: apple.slashdot.org

An anonymous reader quotes Forbes: When Apple announced Sign in with Apple at the June 2019 Worldwide Developers Conference, it called it a "more private way to simply and quickly sign into apps and websites." The idea was, and still is, a good one: replace social logins that can be used to collect personal data with a secure authentication system backed by Apple's promise not to profile users or their app activity... Unsurprisingly, it has been pushed as being a more privacy-oriented option than using your Facebook or Google account. Fast forward to April 2020, and a security researcher from Delhi uncovered a critical Sign in with Apple vulnerability that could allow an attacker to potentially take over an account with just an email ID. A critical vulnerability that was deemed important enough that Apple paid him $100,000 through its bug bounty program by way of a reward. With the vulnerability already now patched by Apple on the server side, Bhavuk Jain published his disclosure of the security shocker on May 30. It applied "only to third-party apps which used Sign in with Apple without taking any further security measures," the article points out, adding that the researcher who found it "said Apple carried out an internal investigation and determined that no account compromises or misuse had occurred before the vulnerability was fixed." But they also quote an SME application security lead at ImmersiveLabs who said he "would have expected better testing around this from a company such as Apple, especially when it is trying to set itself a reputation as privacy-focused."

Read more of this story at Slashdot.

https://apple.slashdot.org/story/20/06/01/0421240/finding-serious-sign-in-with-apple-hole-earns-security-researcher-a-100000-bug-bounty?utm_source=rss1.0mainlinkanon&utm_medium=feed
