"Sign in with Apple" Vulnerability
Researcher Bhavuk Jain discovered a vulnerability in the “Sign in with Apple” feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account.
It is fixed.
EDITED TO ADD (6/2): Another story.
Clive Robinson • June 2, 2020 8:25 AM
Yet another blow to Apples “oh so secure” image…
Makes you wonder why the FBI and DoJ are so so pushy at getting a built in backdoor in Apple Phones etc.
Just goes to show that some peoples mental outlook should kind of get them barred from high office…