• Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
What's Hot

The Nothing Headphone (1) is totally bizarre in the best kind of way

July 1, 2025

Apple Drops MLS Season Pass to Half-Price

July 1, 2025

Apple’s Next MacBook Might Have More in Common With Your iPhone Than You Think

July 1, 2025
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
Behind The ScreenBehind The Screen
Home»Security»Critical Vulnerability In Apple Game Center Allowed Authentication Bypass
Security

Critical Vulnerability In Apple Game Center Allowed Authentication Bypass

June 25, 2022Updated:June 25, 2022No Comments2 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Latest Hacking News
Share
Facebook Twitter LinkedIn Pinterest Email

Researchers found a vital vulnerability affecting the Apple Sport Middle that allowed authentication bypass. The bug usually existed within the Parse Server, exposing it to distant assaults.

Apple Sport Middle Vulnerability

In keeping with a latest advisory on GitHub, a vital authentication bypass vulnerability existed within the Parse Server, threatening Apple Sport Middle safety.

Particularly, Parse Server is an open-source backend server that customers can deploy on any infrastructure operating Node.js.

Explaining the impression of this vulnerability, the advisory reads,

The certificates in Apple Sport Middle auth adapter not validated. Consequently, authentication might probably be bypassed by making a faux certificates accessible through sure Apple domains and offering the URL to that certificates in an authData object.

The bug has acquired the identification quantity CVE-2022-31083, and a vital severity ranking, with a CVSS rating of 8.6. It affected Parse Server variations sooner than 4.10.11 and 5.2.2. The bug existed as a result of non-validation of the Parse Server Apple Sport Middle auth adapter. Therefore, any adversary might obtain an authentication bypass through faux certificates. As talked about within the NVD vulnerability description,

Previous to variations 4.10.11 and 5.2.2, the certificates within the Parse Server Apple Sport Middle auth adapter not validated. Consequently, authentication might probably be bypassed by making a faux certificates accessible through sure Apple domains and offering the URL to that certificates in an authData object.

Nonetheless, variations 4.10.11 and 5.2.2 tackle this flaw by introducing a brand new rootCertificateUrl property to the Parse Server Apple Sport Middle auth adapter. It “takes the URL to the foundation certificates of Apple’s Sport Middle authentication certificates”.

See also  Crypto bridge RenBridge used to launder $540 million, says report

So, if builders haven’t set a worth for it, the brand new property defaults to the URL of the existing root certificate. The advisory urges builders to maintain the foundation certificates URL up to date when utilizing Parse Server Apple Sport Middle auth adapter.

For now, whereas the patch has arrived, no workaround is offered for the vulnerability.

Tell us your ideas within the feedback.

Source link

Allowed Apple Authentication Bypass Center Critical game Vulnerability
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Apple Drops MLS Season Pass to Half-Price

July 1, 2025

Apple Intelligence Comes to Pixelmator Pro

July 1, 2025

Google Calendar Comes to the Apple Watch

June 30, 2025

Apple Music’s ‘All Time Replay’ Lets You Relive Your Top Hits of the Past Decade

June 30, 2025
Add A Comment

Comments are closed.

Editors Picks

Diablo Immortal players are finding themselves with big in-game orb debt

September 4, 2022

Google TV iOS app takes over for Play Movies & TV

June 26, 2022

Warhammer 40,000: Battlesector’s new Daemonic update is now available

July 30, 2022

Track and Analyze Your Daily State of Mind and Emotions on Your iPhone

February 9, 2024

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

The Nothing Headphone (1) is totally bizarre in the best kind of way

Apple Drops MLS Season Pass to Half-Price

Apple’s Next MacBook Might Have More in Common With Your iPhone Than You Think

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.fr - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.