Hackers are using Apple's new iOS vulnerability called "Sign In With Apple" to gain a user's full account control. According to ScreenRant's latest report, iOS users are exposed to possible hacking because of the new bug in Apple's verification service.
Also Read: [HACKER] New Malware Uses USBs to Steal Data; Microsoft Vulnerabilities Used to Target Devices
A new bug in the "Sign in With Apple" feature can lead to possible malicious acts when accessed by third-party apps since the user information is left unprotected. The discovery of the new bug will help to make the iOS operating system even more secure than before, although it highlights how Apple's security isn't as airtight as some might expect.
Also Read: Facebook Bans 200 Protester Groups Inviting People to Join; Russia and China's State-Medias Will Soon be Labeled
The report claimed that the perception of Apple smart devices shows that it is a safer option compared to other Android products or services. Although the new bug was discovered in a controlled environment, Apple isn't new to inadequate security scenarios.
In this case, the issue was found in the verification system. It showed that the user's Apple ID could grant cyber attackers access to their login information which may lead to malicious acts. This could put banking information, emails, and personal details at risk.
Apple's new bug uses user verification service to gain account control
According to The Hacker News' previous report, Apple paid a huge $100,000 bug bounty to an Indian vulnerability researcher, Bhavuk Jain, after he reported a highly critical vulnerability that was affecting iOS "Sign in with Apple" system.
Users' accounts on third-party services and apps that have been registered using the "Sign in With Apple" option are the main target of the now-patched vulnerability, allowing hackers to bypass authentication remotely.
According to ScreenRant, the discovery of the vulnerability focused on the information accessed by the hackers through user authentication. A JSON Web Token (JWT) is sent when the user clicks on the "Sign in With Apple" option in an app that will grant authorization, followed by a request sent by the company for the users' login information.
An Apple ID that masquerades as a pass to an unwitting user's information can exploit a JWT code. A hacker can deploy the bug using underlying code to gain the user's data access, even if the user chooses to hide login information. The report stated that the issue was patched by Apple after it was alerted.
While the vulnerability has remained an issue, additional security processes might be available to some third-party apps.