Apple’s iForgot password reset page is now back online, and iMore has verified that the security hole, discovered earlier today in Apple’s password reset page, has been closed.
Previously, after providing a victim’s Apple ID and date of birth, an attacker could send a URL to Apple that would change the password for that account, without needing to answer any security questions. In response, Apple blocked access to the password reset page, and a short while later took the entire site down in light of another loophole that still allowed the attack to be performed.
This vulnerability came at an interesting time, just a day after Apple began to roll out its two-step verification system. Users who had already enrolled in the new system seem to have been immune from the password reset vulnerability.
Unfortunately some users were held in a three-day waiting period for enabling two-step verification, while others live in countries where two-step verification is not currently available.
Today’s events serve as an important example of why two-step verification is a good idea. People interested in getting two-step verification set up can find out how with iMore’s tutorial.
Update: Details on how the exploit worked can be found here.
We may earn a commission for purchases using our links. Learn more.
Jonas Brothers promoting Apple Music's Dolby Atmos with 'Happiness Begins'
Apple Music continues to grow its collection of songs that feature Spatial Audio with Dolby Atmos, this time with Jonas Brothers and Happiness Begins.
AppleCare+ just got cheaper for the M1 MacBook Air and MacBook Pro
Apple has reduced the amount of money customers have to pay to sign up for AppleCare+ for M1 MacBook Air and MacBook Pro machines.
Satechi's new Slim X2 Bluetooth Backlit Keyboard is stunning
Satechi has announced a new Bluetooth keyboard with multi-device support, a number pad, and more.
Get the most out of your HomePod mini with these awesome accessories
Whether you are looking to expand your HomeKit empire, upgrade your home theater, or just want to protect your investment, these are the best accessories for HomePod mini.