Friday - February 23, 2018

Major Security Hole Reported In Apple's Two-Step Verification [Update]

  • Security
  • Mar 22 2013 - 3:45pm by Patrick Adam

According to a report by 'The Verge,' Apple's two-step verification process that was rolled out yesterday has a major security flaw, allowing Apple ID and iCloud accounts to be compromised by anyone that has access to your email address and date of birth.  A website containing the step-by-step process shows how a modified URL from the iForgot password page can exploit the vulnerability via the email address and date of birth security question.  Users who haven't enabled the two-step verification are at risk, and it's been reported that those having enabled two-step verification must wait three days before it's effective.

Currently, the password reset page is unavailable due to 'maintenance.'

Update: Apple has confirmed the security vulnerability and the iForgot password page is now active.  The vulnerability has been addressed.

 

Apple PW Reset


Comments: