Thursday, 30 May 2013

Apple passwords to be reset with only email address, date of birth (update)


Apple yesterday rolled out two-step verification, a security measure that promises to further shield Apple ID andiCloud accounts from being hijacked. Unfortunately, today a new exploit has been discovered that affects all customers who haven't yet enabled the new feature. It allows anyone with your email address and date of birth to reset your password ? using Apple's own tools. We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand. Out of security concerns, we will not be linking to the website in question.
Needless to say, if you haven't enabled two-step verification for your Apple account, we urge you to waste no time in doing so. 
Read More...
 
at
Labels: , , ,
Location: United States

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

The ‘No SIM Card Installed’ Error in iPhone 5

This is annoying: Imagine buying an iPhone, putting your SIM card in it and being told by your Phone that there’s “no SIM card inst...