Sign in with Apple ID | Breaking Cybersecurity News | The Hacker News

Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade , a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of TouchID (or FaceID) biometric feature that authenticated users to log in to websites on Safari, specifically those that use Apple ID logins. After the issue was reported to Apple through their responsible disclosure program, the iPhone maker addressed the vulnerability in a server-side update . An Authentication Flaw The central premise of the flaw is as follows. When users try to sign in to a website that requires an Apple ID, a prompt is displayed to authenticate the login using Touch ID. Doing so skips the two-factor authentication step since it already leverages a combination of factors for identification, such as the device (something you have) and...

Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its ' Sign in with Apple ' system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users' accounts on third-party services and apps that have been registered using 'Sign in with Apple' option. Launched last year at Apple's WWDC conference, ' Sign in with Apple ' feature was introduced to the world as a privacy-preserving login mechanism that allows users to sign up an account with 3rd-party apps without disclosing their actual email addresses (also used as Apple IDs). In an interview with The Hacker News, Bhavuk Jain revealed that the vulnerability he discovered resided in the way Apple was validating a user on the client-side before initiating a request from Apple's authentication servers. For those unaware, while authenticating...

Just like 'login with Google,' 'login with Facebook,' Twitter, LinkedIn or any other social media site, you would now be able to quickly sign-up and log into third-party websites and apps using your Apple ID. What's the difference? Well, Apple claims that signing-in with Apple ID would protect users' privacy by not disclosing their actual email addresses to the 3rd-party services and also limiting personal information to the minimum necessary data. While announcing 'Sign in with Apple' today at WWDC, the company revealed that the feature has been designed to randomly generate a new unique email address for each different service a user sign-up with, and will forward all emails to your primary email ID, internally. "It [randomly generate emails] is a smart jab against spam: Not only will you be able to turn off spammy email more easily, but you'll also be able to see who exactly is sharing and selling your email widely when that random a...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...