Hacking CloudKit: How I accidentally deleted your Apple shortcuts(labs.detectify.com) |
Hacking CloudKit: How I accidentally deleted your Apple shortcuts(labs.detectify.com) |
As this sentence is the cause of most the bugs in the post I begin to question how they implemented their gateway so that a different endpoint results in a totally different authorization scope. That just screams „auth bug“.
Great write up, and kudos to apple for not suing him but paying out the bug bounties.