Apple’s iForgot password reset page is now back online, and iMore has verified that the security hole, discovered earlier today in Apple’s password reset page, has been closed.
Previously, after providing a victim’s Apple ID and date of birth, an attacker could send a URL to Apple that would change the password for that account, without needing to answer any security questions. In response, Apple blocked access to the password reset page, and a short while later took the entire site down in light of another loophole that still allowed the attack to be performed.
This vulnerability came at an interesting time, just a day after Apple began to roll out its two-step verification system. Users who had already enrolled in the new system seem to have been immune from the password reset vulnerability.
Unfortunately some users were held in a three-day waiting period for enabling two-step verification, while others live in countries where two-step verification is not currently available.
Today’s events serve as an important example of why two-step verification is a good idea. People interested in getting two-step verification set up can find out how with iMore’s tutorial.
Update: Details on how the exploit worked can be found here.
We may earn a commission for purchases using our links. Learn more.
What was it like working on the set of 'Cherry'?
I worked on the set of the film 'Cherry' which will be released on Apple TV+ on March 12. It was a pretty incredible experience; here's what it was like behind the scenes.
March 23 Apple event could bring AirTags, new iPad Pro, AirPods, Apple TV
Apple might be set to lift the lid on a ton of new hardware.
Apple VR leak suggests 2022 release date, key features
A new research note from Apple supply chain guru Ming-Chi Kuo indicates Apple's VR headset is coming next year, and will be highly integrated with products like Apple TV+ and Apple Arcade.
Get better back support with a great cushion
Sitting all day can be a real pain in the back. Find some comfort with these memory foam cushions.