Hacker News new | past | comments | ask | show | jobs | submit login
Hacking CloudKit: How I accidentally deleted your Apple shortcuts (detectify.com)
19 points by xhruso00 on Sept 13, 2021 | hide | past | favorite | 2 comments



> But remember that I mentioned different APIs talked with CloudKit differently?

As this sentence is the cause of most the bugs in the post I begin to question how they implemented their gateway so that a different endpoint results in a totally different authorization scope. That just screams „auth bug“.


Wow, I remember this happening! That is truly funny to me that it was because of a security researcher accidentally triggering this massive bug.

Great write up, and kudos to apple for not suing him but paying out the bug bounties.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: