This critical ‘Sign in with Apple’ security vulnerability could have enabled account takeovers
When Apple announced Sign in with Apple at its Worldwide Developers Conference in June 2019, it called it a “more private way to simply and quickly sign into apps and websites.” The idea was, and still is, a good one: replace social logins that can be used to collect personal data with a secure authentication system backed by Apple’s promise not to profile users or their app activity.
One of the plus points that got a lot of attention at the time was the ability for a user to sign up with third-party apps and services without needing to disclose their Apple ID email address. Unsurprisingly, it has been pushed as a more privacy-oriented option than using your Facebook or Google account.
Fast forward to April 2020, and a security researcher from Delhi uncovered a critical Sign in with Apple vulnerability that could allow an attacker to potentially take over an account with just an email ID.
Apple Pays Hacker $100,000 For ‘Sign In With Apple’ Security Shocker