undefined | Better HN

story

0 pointsKikawala5y ago0 comments

Is everyone in this thread only going to read the first two paragraphs of the article and skip the rest of it?

> I found I could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid. This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account.

0 comments

dwaite5y ago

To be honest, I think the author is misrepresenting this, just as they falsely said that this was a "zero-day".

j / k navigate · click thread line to collapse

0 comments

dwaite5y ago

To be honest, I think the author is misrepresenting this, just as they falsely said that this was a "zero-day".

j / k navigate · click thread line to collapse