Game Center will receive a revised dashboard look complete with friends’ activities in iOS 16, set for release later this year. Furthermore, the advisory notes that it is also an Apple ecosystem developer’s responsibility to keep the root certificate up to date while using the Parse Server Apple Game Center auth adapter. If developers have not set a value in the authentication system, the new property defaults to the URL of the root certificate in use by Apple. A new rootCertificateUrl property has been implemented in the software’s Apple Game Center auth adapter, which “takes the URL to the root certificate of Apple’s Game Center authentication certificate”. “As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object,” the advisory reads.Īttack complexity is considered low and no privileges are required.Ī fix has been issued in Parse Server 4.10.11/5.2.2.
Tracked as CVE-2022-31083 and issued a CVSS severity score of 8.6, the security issue is described as a scenario in which the authentication adapter for Apple Game Center’s security certificate is not validated. The platform includes leaderboards and real-time multiplayer play. Read more of the latest Apple security newsĪccording to a security advisory published on June 17, a bug in Parse Server versions before 4.10.11/5.0.0/5.2.2 caused a validation issue in Apple Game Center.Īpple calls the Game Center its ‘social gaming network’.
#Best eset cyber security web and email configuration software
The software is a backend system compatible with any infrastructure able to run Node.js, the Express web application framework, and can be operated independently or with existing web applications. Parse Server is an open source project available on GitHub that provides push notification functionality for iOS, macOS, Android, and tvOS. Fake certificates could be used to bypass authentication controlsĪ vulnerability in Parse Server software has led to the discovery of an authentication bypass impacting Apple Game Center.
0 kommentar(er)
