Apple Computer said it fixed a security flaw at its online store late last week that could have enabled attackers to hijack customers' accounts and place fraudulent orders.
The flaw, discovered by an anonymous Canadian security researcher who uses the nickname "Null," potentially allowed malicious users to change Apple Store customers' passwords and gain control of the victims' account data.
Information stored by Apple includes customers' names, mailing addresses, telephone numbers, order histories and credit card information.
Apple representatives said the company corrected the problem Friday, but declined to provide details of the fix. Spokesman Bill Evans said Apple does not believe any customers were affected by the vulnerability.
News source: Wired news
-1 Comments - Add comment