The bug is not in the protocol. The bug is about the extra value addition that Apple was doing by letting the user choose any other email address.
1. The account takeover happens on the third-party sites that use the Apple login.
2. This seems like a product request to add value to the user by providing a relay email address of a user's choice.
From the report: `I found I could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple's public key, they showed as valid.` It's not a bug with the protocol or security algorithm. A lock by itself does not provide any security if it's not put in the right place.
albertTJames|5 years ago