Ios
featured
Ios
featured
Ios
PhoneDog Media Exclusive
Download iM5, now available in the App Store and Google Play. iM5 is a PhoneDog Media backed Social Platform to inspire real-life action through the crowdsourcing of ideas. See the video

Apple ID

Well, this is strange timing. Just a day after Apple introduced two-step verification for Apple IDs and iCloud accounts, a new vulnerability has been discovered that affects anyone not already signed up for the increased security. According to The Verge, the exploit allows anyone to reset the password of an Apple ID with just the account's email address and date of birth. With that information, a malicious individual needs to simply paste a certain URL into his or her address bar while being presented with the date of birth question in Apple's iForgot password reset process.

This security hole sounds pretty serious, not only because it could allow someone to reset a user's Apple ID password, but also because of how easy it is to perform with the correct information. The good news is that Apple's new two-step verification can protect a user's account from this exploit. Two-step verification can be enabled right here. Unfortunately, The Verge notes that some users have been told that they need to wait three days before enabling two-step verification on their accounts, so for now they'll need to try and change the date of birth on their account to something else to try and avoid having their password reset. Apple has yet to comment on this vulnerability, but we'll let you know if it issues a statement. How many of you have already enabled Apple's two-step verification?

UPDATE: Apple still hasn't commented on the vulnerability, but it has taken its password reset tool offline.

UPDATE 2: Apple has confirmed the existence of the security hole in a statement given to The Verge, adding that it is currently working on a fix. The full statement:

"Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix."

UPDATE 3: The iForgot password reset tool is now back online, and iMore notes that the vulnerability has now been patched. Still, Apple ID users that haven't yet signed up for two-step verification may want to do so to add an extra layer of security to their account.

Via The Verge (1), (2), iMore


Don't forget to VOTE! Each week, PhoneDog Fans vote for their #1 smartphone in the Official Smartphone Rankings. Vote now and contribute to the industry's most relevant weekly ranking charts


Related posts



Comments & discussions  




Most popular Videos
Most popular Videos
Most popular Videos

Most popular Reactions
Most popular Reactions
Most popular Reactions

This weeks "People's Choice Rankings" best smartphones
People's Choice Rankings


See all hot devices