Steven Parker

Steven Parker

1573651995

Catalyst With Apple SignIn

This “Catalyst With Apple Sign In” Demo is very simple & easy to understand about How to developer Catalyst app and sign with Apple. This demo includes Login screen, sign with apple and home screen.

#swift #swiftlag #ios #MacCatalyst

What is GEEK

Buddha Community

Catalyst With Apple SignIn

Maria Smith

1623919962

How can I get a human at Apple to report problem?

**How Do I Report a Problem to Apple Customer Service?
**

There are times when you may find some issue with your Apple product however you rarely see an issue. You can report a problem if you want to. All you need is to perform a few simple steps and here are the steps that you should perform. Go through them.

**How can I get human at Apple?
**

• First and foremost, you need to go to reportaproblem.apple.com.
• Next, you have to sign in to your Apple account by entering your Apple ID and Password.
• In case you see a Report or Report a Problem option next to the item in which you see a problem, click it.
• After that, you need to follow the onscreen instructions and select a reason why you want to report a problem.
• Lastly, you need to submit your request.

**How do you get through to Apple Support?
**

With this, you can report online for your Apple product. In case you want to contact Apple customer service to report a problem, you can do that in the given ways.

  1. Over a Phone Call - Dial the customer service phone number to get help for any problem that you see with your Apple account. Also, you can report the problem on a single phone call.
    You can speak to a human at Apple technical support: (800) APL–CARE (800–275–2273)
  2. Through Live Chat - By requesting a live chat, you will be in touch with a representative who will assist you thoroughly to report a problem that you see with your Apple account.
  3. Via Email - The most common way to report a problem on Apple is email. You can compose an email explaining the issue that you see with the service and report it. Once your email is received, the tech support team acknowledges the issue and provides you all information within the least possible time.

By choosing any of the desired ways to report a problem, you can complain about the issue to the tech support team (Apple customer service). Also, you will no longer wonder how to get a human at Apple support. The above information will help you in all manners and let you experience the hassle-free service of Apple. So, dial the number or send an email, but get help from the experts.

#how can i get a human at apple #how do i reach a human at apple? #how do i call apple support? #contact apple support #call apple support #apple's online support

Seamus  Quitzon

Seamus Quitzon

1593152820

Apple Pays $100K Bounty for Critical 'Sign in With Apple' Flaw

Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims’ third-party applications.

A researcher recently found a critical Apple vulnerability that, if exploited, could enable remote attackers to abuse the “Sign in with Apple” feature to take over victims’ third-party application accounts. The security researcher, Bhavuk Jain, reported the flaw to Apple via its bug bounty program, and was awarded $100,000 for the find.

The flaw stemmed from the “Sign in with Apple” feature, which was introduced by Apple at its Worldwide Developers Conference last year. Sign in with Apple aimed to make it easy and secure for Apple users to sign into third-party apps and websites. It did this by implementing an Apple-backed authentication system to replace social logins on third-party services.

“In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures,” said Jain, in his disclosure of the bug on Sunday. “This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”

Apple has since fixed the flaw. Threatpost has reached out to Apple for further comment.

One of the highlights of Sign in with Apple is that users could sign up with third-party services without needing to disclose their Apple ID email address to these services. This worked because Sign in with Apple would first validate users on the client side, and then initiate a JSON Web Token (JWT) request from Apple’s authentication services. This JWT would then be used by the third-party app to confirm the user’s identity.

The issue was that after Apple validated the user on the client side via their Apple ID email address, it did not verify that the JWT request was from that actual user account. An attacker could abuse this flaw by providing an Apple ID email that belongs to the victim and tricking Apple servers into generating a valid JWT payload. Once an attacker does this, he can then sign into a third-party app using the victim’s identity.

apple critical flaw

“I found I could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid,” he said. “This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account.”

According to The Hacker News, the flaw could be exploited even if users had decided to hide their email IDs from third-party services. It could also be exploited to sign up new accounts with victims’ Apple IDs.

There are two hoops that attackers would need to jump through to make this exploit work. First, they would need an email ID for an Apple user – though that could be any Apple user’s email ID. Second, they would need to log into a third-party app via Sign in with Apple that didn’t require any further security measures.

Jain said the impact of this vulnerability is “quite critical” as it could allow full account takeover. Many developers have integrated Sign in with Apple into their services, including Dropbox, Spotify, Airbnb, and Giphy.

“These applications were not tested but could have been vulnerable to a full account takeover if there weren’t any other security measures in place while verifying a user,” Jain said.

Jain said that Apple conducted an investigation of their logs and determined there was no misuse or account compromise due to this vulnerability. The researcher found the flaw in April and reported it via Apple’s bug bounty program which earned him $100,000. Threatpost has reached out to Jain for further details on the timeline of discovering and reporting the flaw.

#mobile security #vulnerabilities #web security #app takeover #apple #apple bug bounty #apple flaw #bug bounty #critical flaw #security vulnerability #sign in with apple #third party app

Juned Ghanchi

Juned Ghanchi

1621225529

Apple Watch App Development Company - IndianAppDevelopers

Are you looking for an Indian Apple Watch app development company? IndianAppDevelopers create an impeccable custom wearable app for the iOS platform with robust features which take user experience to the next level. In addition, we build fully native Apple Watch apps specifically for medical, fitness, lifestyle, and other industries.

Hire our 4+ years of average experience skilled wearable app developers who provide unique end-to-end wearable app solutions to empower your brand to your audiences.

Do you have an Apple Watch app development project? or Planning to hire Apple watch app developers? Let’s talk about that!

#apple watch app development company #apple watch development company #hire apple watch app developers #apple watch app development agency

Juned Ghanchi

1621226112

Apple Watch App Development Company - IndianAppDevelopers

Are you looking for an Indian Apple Watch app development company? IndianAppDevelopers create an impeccable custom wearable app for the iOS platform with robust features which take user experience to the next level. In addition, we build fully native Apple Watch apps specifically for medical, fitness, lifestyle, and other industries.

Hire our 4+ years of average experience skilled wearable app developers who provide unique end-to-end wearable app solutions to empower your brand to your audiences.

Do you have an Apple Watch app development project? or Planning to hire Apple watch app developers? Let’s talk about that!

#apple watch app development company india #hire apple watch app developers india #apple watch development company #hire apple watch developers

Christa  Stehr

Christa Stehr

1595661791

Apple Security Research Device Program Draws Mixed Reactions

Apple’s Security Research Device program is now open to select researchers – but some are irked by the program’s vulnerability disclosure restrictions.

Apple’s long anticipated Security Research Device program has launched, giving select security researchers access to testable iPhones that will make it easier for them to find iOS vulnerabilities.

The program offers security researchers specially configured iPhones with shell access, and special features such as advanced debug capabilities. The devices behave “as closely to a standard iPhone as possible in order to be a representative research target,” said Apple.

“As part of Apple’s commitment to security, this program is designed to help improve security for all iOS users, bring more researchers to iPhone, and improve efficiency for those who already work on iOS security,” according to Apple in a Wednesday announcement. “It features an iPhone dedicated exclusively to security research, with unique code execution and containment policies.”

To be eligible for the program, researchers must be a membership Account Holder in the Apple Developer Program and have a “proven track record of success” in finding security issues on Apple platforms.

The devices are provided on a 12-month renewable basis, are not meant for personal use, and must remain on the premises of program participants at all times, according to Apple.

“If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to Apple and, if the bug is in third-party code, to the appropriate third party,” according to Apple.

Mixed Reactions

The Security Research Device program has been praised by some in the security space as a “good step forward” for the iPhone maker, which up until last summer had a historically restricted bug bounty program.

Patrick Wardle, security researcher with Jamf, said that the new program will make the analysis of third-party apps much easier – which is “something that may directly impact end users in a positive way.”

“I’m happy that Apple is moving forward with this program,” Wardle told Threatpost. “Though the devices may not be fully open (i.e. probably won’t have the ability to boot custom kernels, etc) and there are some legal restraints (i.e. any bug found must be reported to Apple), I still think it’s a good step forward.”

On the flip side, however, Google Project Zero’s security research team, Ben Hawkes, took to Twitter to air complaints about the program’s vulnerability disclosure restrictions.

“It looks like we won’t be able to use the Apple ‘Security Research Device’ due to the vulnerability disclosure restrictions, which seem specifically designed to exclude Project Zero and other researchers who use a 90 day policy,” he said.

Apple’s program policy says that if researchers report a vulnerability affecting Apple products, Apple will provide them with a publication date (usually the date on which Apple releases the update to resolve the issue).

“Apple will work in good faith to resolve each vulnerability as soon as practical,” according to the policy. “Until the publication date, you cannot discuss the vulnerability with others.”

Threatpost has reached out to Apple for further clarification on this policy.

Hawkes said Google Project Zero will continue to research Apple platforms and provide Apple with their findings. “But I’ll confess, I’m pretty disappointed,” he said.

#bug bounty #mobile security #apple #apple bug bounty #apple developer program #bug bounty #ios #iphone #mac #macos #security research device program #vulnerability