
Apple has paid a bug bounty hunter $100,000 for finding and reporting a critical security issue that could lead to the takeover of third-party user accounts.
Researcher Bhavuk Jain found the vulnerability in "Sign in with Apple," a developer feature that lets users sign in to services using their Apple IDs.
Sign in with Apple was introduced to improve privacy and to provide sign-in processes for third-party websites and apps that use Apple ID and two-factor authentication, while also keeping tracking at bay.
However, Jain found a way to bypass the authentication mechanisms and take over third-party user accounts just by knowing the target's email ID.
According to the bug bounty hunter, the security flaw exists because of how the iPad and iPhone maker handles user validation requests.
Users can be authenticated by Apple through a JSON Web Token (JWT) or a code generated by the server.
Users can choose whether or not to share their email ID with the third party as part of the authentication process.
If the email ID is hidden, Apple generates a JWT containing this information, which the third-party service then uses to authenticate the user.
However, the researcher found a discrepancy between how Apple validates JWT requests and the validation performed when a user logs in to their account before initiating requests.
He found that he could request JWTs for any email ID from Apple, and when the signature of these tokens was verified using Apple's public key, they showed as valid.
This means an attacker could forge a JWT by linking any email ID to it and gain access to the victim's account.
The vulnerability has now been patched.
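
The class of flaw described above, shown as a simplified model added here for illustration (it is not Apple's code): a token issuer that signs whatever email ID a request names produces tokens that pass signature verification, so the check has to happen at issuance by binding the email ID to the logged-in session. The session table, key, function names, and the use of HS256 in place of a public-key signature are all assumptions of this sketch.

```python
import base64, hashlib, hmac, json

# Constructed demo values; HS256 stands in for the provider's public-key signature.
SIGNING_KEY = b"demo-signing-key"
SESSIONS = {"session-alice": "alice@example.com"}  # session id -> verified email


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(claims: dict) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims).encode())
    mac = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{_b64(mac.digest())}"


def verify(token: str) -> dict:
    """Relying-party check: signature only. Returns the claims if it is valid."""
    header, payload, sig = token.split(".")
    mac = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256)
    if not hmac.compare_digest(_b64(mac.digest()).encode(), sig.encode()):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def issue_token_flawed(session_id: str, requested_email: str) -> str:
    """Signs whatever email the request names; only checks that a session exists."""
    if session_id not in SESSIONS:
        raise PermissionError("not logged in")
    return _sign({"email": requested_email})


def issue_token_fixed(session_id: str, requested_email: str) -> str:
    """Signs the email only if it is the one verified for this session."""
    verified = SESSIONS.get(session_id)
    if verified is None:
        raise PermissionError("not logged in")
    if not hmac.compare_digest(verified.encode(), requested_email.encode()):
        raise PermissionError("email does not belong to this session")
    return _sign({"email": requested_email})
```

A relying party cannot detect the flawed case from the token alone, since the signature is genuine; the fix belongs in the issuer, as in `issue_token_fixed`.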