
Major security hole allows Apple passwords to be reset

2 replies to this topic

#1 +techbeck

techbeck

    It's not that I am lazy, it's that I just don't care

  • 19,441 posts
  • Joined: 20-January 05

Posted 22 March 2013 - 19:07

Apple yesterday rolled out two-step verification, a security measure that promises to further shield Apple ID and iCloud accounts from being hijacked. Unfortunately, today a new exploit has been discovered that affects all customers who haven't yet enabled the new feature. It allows anyone with your email address and date of birth to reset your password — using Apple's own tools. We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand. Out of security concerns, we will not be linking to the website in question.

Needless to say, if you haven't enabled two-step verification for your Apple account, we urge you to waste no time in doing so. You can start the process here. Apple has also set up an FAQ page for any questions you may have. We've reached out to the company and will update this post accordingly upon the company's reply.

http://www.theverge.com/2013/3/22/4136242/major-security-hole-allows-apple-id-passwords-reset-with-email-date-of-birth


#2 Praetor

Praetor

    ASCii / ANSi Designer

  • 3,377 posts
  • Joined: 05-June 02
  • Location: Lisbon
  • OS: Windows Eight dot One dot One 1!one

Posted 22 March 2013 - 19:23

oh snap... :pinch:

update: "We've had a little more time to explore the hack and have yet more bad news to report. Yesterday a number of users were told they'd need to wait three days before enabling two-step verification. As a result, these accounts are fully vulnerable to the exploit. As of right now, the only surefire way these individuals can avoid the security threat is by changing their birthdate on Apple's account settings page. This option is located at the bottom of "Password and Security.""

#3 fusi0n

fusi0n

    Don't call it a come back

  • 3,901 posts
  • Joined: 08-July 04
  • OS: OSX 10.9\Windows 10\Ubuntu
  • Phone: LG G3

Posted 22 March 2013 - 19:32

Ugh, that sucks.. This affects a lot of people..