Vulnerability allowed sign-in from any Apple ID

Vulnerability allowed sign-in from any Apple ID

4 years ago
Anonymous $-9GJQVHNr8

https://www.bleepingcomputer.com/news/apple/sign-in-with-apple-vulnerability-earns-researcher-100-000/

Remember seeing that slick "Sign in with Apple" button across many websites and apps? It turns out that a vulnerability allowed attackers to log in to sites using any Apple ID.

Only last year, Apple announced this new “privacy tool” to come to every iPhone and apps, in its quest to offer greater security to Apple users. The sign-in feature was introduced to let users log in to services with their Apple ID, as opposed to an email address and password.