Now Patched 'Sign in With Apple' Bug Left Users Open to Attack
Researcher Bhavuk Jain in April discovered a critical Sign in With Apple vulnerability that could have resulted in a takeover of some user accounts. The bug was specific to third party apps that used Sign in With Apple and didn't implement additional security measures.
Jain notes that Sign in With Apple works by authenticating a user through a JWT (JSON Web Token) or a code that's generated by Apple's server. Apple then gives users the option to share either the email tied to their Apple ID or a private relay email address,which creates a JWT that's used to log in a user.
Jain then discovered that once JWTs for both Apple ID emails and private relay email addresses were requested and the token's signature was verified using Apple's public key, it "showed as valid." Should the bug have not been discovered, a JWT could be created and used to gain access to one's account.
In an interview with The Hacker News, Jain spoke about the severity of the bug:
The impact of the this vulnerability was quite critical as it could have allowed a full account takeover. Many developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins. To name a few that use Sign in with Apple - Dropbox, Spotify, Airbnb, Giphy (now acquired by Facebook).
According to Jain, Apple conducted an investigation and concluded that no accounts were compromised using this method before the vulnerability was patched. Jain was paid $100,000 by Apple under its Apple Security Bounty Program for reporting the bug.
Popular Stories
The upcoming iOS 26.1 update includes a small but helpful change for iPhones, and it could prevent you from running late to something important.
Specifically, when an alarm goes off in the Clock app, there is a new "slide to stop" control on the screen for turning off the alarm. On previous iOS 26 versions, there is simply a large "stop" button, which could be accidentally tapped.
The new ...
Apple has just given a strong indication that it will not be releasing any additional new Macs for the remainder of the year.
Apple's CFO Kevan Parekh dropped the hint during the company's earnings call on Thursday:On Mac, keep in mind, we expect to face a very difficult compare against the M4 MacBook Pro, Mac mini, and iMac launches in the year-ago quarter.Parekh essentially gave a heads up ...
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max.
One thing worth...
Apple is about to drop iOS 26.1, the first major point release since iOS 26 was rolled out in September, and there are at least six notable changes and improvements to look forward to. We've rounded them up below.
Apple has already provided developers and public beta testers with the release candidate version of iOS 26.1, which means Apple will likely roll out the update to all compatible...
Apple is expected to launch a new foldable iPhone next year, based on multiple rumors and credible sources. The long-awaited device has been rumored for years now, but signs increasingly suggest that 2026 could indeed be the year that Apple releases its first foldable device.
Below, we've collated an updated set of key details that have been leaked about Apple's foldable iPhone so far.
Ove...
Apple's iPhone 18 Pro models could be available in new rich and warm color option, according to a known leaker.
The Weibo user known as "Instant Digital" today suggested that next-year's iPhone 18 Pro models will be available in at least one of the following color options: Coffee, purple, and burgundy.
The iPhone XR, iPhone 11, iPhone 12, iPhone 14, and iPhone 14 Pro were all available in ...
Apple launched the Apple TV HD, the Siri Remote, tvOS, and their accompanying App Store a decade ago today, marking a major overhaul of the device.
The new vision for the Apple TV was unveiled on September 9, 2015 during Apple's "Hey Siri" event in San Francisco, where CEO Tim Cook introduced the device with the statement, "The future of TV is apps." The announcement represented a major...
Tomorrow is Halloween, and then November is upon us. Below, we outline what to expect from Apple next month, as the slower holiday season approaches.
Apple is expected to kick off November by releasing iOS 26.1, iPadOS 26.1, macOS 26.1, watchOS 26.1, tvOS 26.1, and visionOS 26.1. With beta testing now wrapped up, the updates will likely be released this Monday, November 3 or Tuesday,...
The upcoming iOS 26.1 update includes a handful of new features and changes for iPhones, including a toggle for changing the appearance of the Liquid Glass design, "slide to stop" for alarms in the Clock app, and more.
Below, we outline key details about iOS 26.1.
Release Date
Given that Apple has yet to seed an iOS 26.1 Release Candidate, which is typically the final beta version, the...
Apple CEO Tim Cook today said that a more personalized version of Siri remains on track to launch at some point next year, with the new set of features expected to debut on the iPhone as part of iOS 26.4 in March or April.
"We're also excited for a more personalized Siri," said Cook, on Apple's earnings call for the third quarter of the 2025 calendar year. "We're making good progress on it,...
