Zero-day in Sign in with Apple
bhavukjain.com/blog/2020/05/…
6
8
2
28
If I'm reading it right it's not the token endpoint, it's their internal API for accepting the request that let the user choose which email to share with the app. So it's a form validation problem.
May 31, 2020 · 12:37 PM UTC
1


