Sunday May 31, 2020
By Asim Al-Ansari:
A security researcher has discovered a serious security vulnerability that put users of iPhones from the American company Apple at risk.
According to the “Engadget” website, researcher Bhavuk Jain discovered the vulnerability in the “Sign in with Apple” system. It uses a misleading message to users that appears to come from Apple, but its real goal is to seize user accounts.
An attacker could generate a token associated with any email ID, and the token would verify as valid using Apple’s public key, allowing the attacker to take control of the user’s account and learn all of their personal and banking data.
According to the researcher, this allows for complete seizure of the account, even if you choose to hide your email from other services.
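The following is an added example, not code from the article, the researcher or Apple: a simplified model of why a token that verifies correctly can still carry someone else's email, and the issuer-side check that prevents it. The function names, the key and the addresses are constructed, and HMAC stands in for the provider's public-key signature so that the example needs only the standard library.

```python
import base64, hashlib, hmac, json

# Constructed stand-in for the identity provider's signing key (assumption:
# the real service signs with a private key and publishes the public half).
IDP_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _tag(body: str) -> str:
    return _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())

def _sign(claims: dict) -> str:
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_tag(body)}"

def issue_token_flawed(session_email: str, requested_email: str) -> str:
    # Flaw: the email named in the request is signed without comparing it
    # to the email of the authenticated session.
    return _sign({"email": requested_email})

def issue_token_fixed(session_email: str, requested_email: str) -> str:
    # Fix: only sign an identity that the authenticated session owns.
    if session_email.lower() != requested_email.lower():
        raise PermissionError("requested email does not belong to this session")
    return _sign({"email": requested_email})

def relying_party_verify(token: str) -> str:
    # A third-party service can only check the signature; once it passes,
    # the email claim is trusted as the user's identity.
    body, tag = token.split(".")
    if not hmac.compare_digest(tag, _tag(body)):
        raise ValueError("bad signature")
    padded = body + "=" * (-len(body) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["email"]
```

Signature verification at the relying party cannot catch this class of flaw, because the token is genuinely signed; the binding between session and claim has to be enforced where the token is issued.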
Jain detected the vulnerability last April and received a reward of $100,000 from Apple.
Apple has already addressed the vulnerability, and the company said, “There is no evidence of hacking due to the defect,” but it refused to provide evidence that its users’ accounts were not compromised due to that vulnerability.