"Apple Game Center is Affected by Critical Parse Server Vulnerability"

A Parse Server software flaw has led to the discovery of an authentication bypass affecting Apple Game Center. The open-source Parse Server project, which is available on GitHub, offers push notification functionality for iOS, macOS, Android, and tvOS. The software is a backend system compatible with any infrastructure capable of running Node.js, and it may be used independently or in conjunction with already-existing web applications. A bug in Parse Server versions previous to 4.10.11/5.0.0/5.2.2 caused a validation issue in Apple Game Center, according to a security notice issued on June 17. The security flaw has a CVSS severity score of 8.6 and is described as an instance in which the security certificate for Apple Game Center's authentication adaptor is not validated. As a result of the flaw, authentication could be evaded by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. This article continues to discuss the critical Parse Server vulnerability affecting the Apple Game Center. 

CyberIntelMag reports "Apple Game Center is Affected by Critical Parse Server Vulnerability"