• Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
What's Hot

Oppo Find N5 review: Stellar foldable has one big problem

July 30, 2025

The Naked Gun review: Charged with man’s laughter

July 30, 2025

Samsung Galaxy Tab S10 FE+ review: A Galaxy Tab S10+ for less?

July 30, 2025
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
Behind The ScreenBehind The Screen
Home»Security»Critical Vulnerability In Apple Game Center Allowed Authentication Bypass
Security

Critical Vulnerability In Apple Game Center Allowed Authentication Bypass

June 25, 2022Updated:June 25, 2022No Comments2 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Latest Hacking News
Share
Facebook Twitter LinkedIn Pinterest Email

Researchers found a vital vulnerability affecting the Apple Sport Middle that allowed authentication bypass. The bug usually existed within the Parse Server, exposing it to distant assaults.

Apple Sport Middle Vulnerability

In keeping with a latest advisory on GitHub, a vital authentication bypass vulnerability existed within the Parse Server, threatening Apple Sport Middle safety.

Particularly, Parse Server is an open-source backend server that customers can deploy on any infrastructure operating Node.js.

Explaining the impression of this vulnerability, the advisory reads,

The certificates in Apple Sport Middle auth adapter not validated. Consequently, authentication might probably be bypassed by making a faux certificates accessible through sure Apple domains and offering the URL to that certificates in an authData object.

The bug has acquired the identification quantity CVE-2022-31083, and a vital severity ranking, with a CVSS rating of 8.6. It affected Parse Server variations sooner than 4.10.11 and 5.2.2. The bug existed as a result of non-validation of the Parse Server Apple Sport Middle auth adapter. Therefore, any adversary might obtain an authentication bypass through faux certificates. As talked about within the NVD vulnerability description,

Previous to variations 4.10.11 and 5.2.2, the certificates within the Parse Server Apple Sport Middle auth adapter not validated. Consequently, authentication might probably be bypassed by making a faux certificates accessible through sure Apple domains and offering the URL to that certificates in an authData object.

Nonetheless, variations 4.10.11 and 5.2.2 tackle this flaw by introducing a brand new rootCertificateUrl property to the Parse Server Apple Sport Middle auth adapter. It “takes the URL to the foundation certificates of Apple’s Sport Middle authentication certificates”.

See also  Microsoft Patch Tuesday June Arrives With 55 Security Updates

So, if builders haven’t set a worth for it, the brand new property defaults to the URL of the existing root certificate. The advisory urges builders to maintain the foundation certificates URL up to date when utilizing Parse Server Apple Sport Middle auth adapter.

For now, whereas the patch has arrived, no workaround is offered for the vulnerability.

Tell us your ideas within the feedback.

Source link

Allowed Apple Authentication Bypass Center Critical game Vulnerability
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Your Next iPhone Charger Won’t Need an Apple Logo to Be Fast

July 25, 2025

Apple TV+ Confirms Another Round for its Hit Golf Comedy

July 24, 2025

Apple News Audio Expands Beyond US Borders

July 24, 2025

Apple Has a New Way to Sell You Peace of Mind

July 23, 2025
Add A Comment

Comments are closed.

Editors Picks

Epic and Match antitrust case against Google goes to trial November 6th

January 20, 2023

Online betting company BetCity signs with TrueLayer for instant payouts to players

November 24, 2022

12 DuckDuckGo Tips and Tricks You Need to Know

August 7, 2023

Rockstar confirms what everyone suspected: Red Dead Online won’t be getting any major new content

July 8, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Oppo Find N5 review: Stellar foldable has one big problem

The Naked Gun review: Charged with man’s laughter

Samsung Galaxy Tab S10 FE+ review: A Galaxy Tab S10+ for less?

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.fr - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.