this writes The Hacker News, citing the award of cyberexperts. Feature “sign in with Apple” was presented last year and designed for secure account creation and authorization of third-party applications with the main account Apple. She, unlike similar systems from Facebook and Google, allows you to create such accounts by sharing with developers a minimum of personal information and without opening mail that is registered to an Apple account.
According to Jaina discovered the vulnerability contained in the way that there is a verification of the user-side client application before the request was initiated with authorization servers at Apple. The bug allows attackers forging a JSON Web Token with confidential information, log in using “sign in with Apple” in third-party applications used by the victim.
currently, the vulnerability is eliminated. Apple has argued that the investigation did not reveal real-world attacks from its use.
In April this year, two critical vulnerabilities were found in mobile app Apple Mail (Mail) for iOS devices. They allow hackers to remotely execute malicious code and take control of your iPhone or iPad of the victim. According to who discovered the “hole” of the company ZecOps, vulnerability actively exploited by attackers 2018-th year.
During this time, experts have recorded at least six targeted attacks – including on an unnamed journalist in Europe, a senior Manager of one of the Japanese carriers, as well as employees of several large U.S. firms from the Fortune 500 list. The malicious messages on the victims ‘ devices were found – this suggests that they removed themselves hackers to cover their tracks.