Wow! On Interesting Engineering today:
Apple’s useful Sign in with Apple option that was disclosed in June 2019 received a fair bit of positive attention, and for good reason: it replaces social logins with a secure authentication system. On top of that, a user can sign up with third-party apps and services without needing to share their Apple ID email address.
However, a security researcher in New Delhi, India just uncovered a serious flaw in the Sign in with Apple system that would allow an attacker to potentially take over an account merely by using an email ID.
Fear not; all is well, as Fabienne Lang reports: Apple Awards Hacker $100,000 for Discovering ‘Sign in with Apple’ Vulnerability
It’s Leonard’s fault!