Apple Patches Password Reset Vulnerability
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period
Apple Friday patched a serious flaw in its Apple ID security system that would have enabled an attacker to reset a target's password to a password of their own choosing.
Apple took its Apple ID "reset your password" -- a.k.a. "iForgot" -- page offline Friday after The Verge reported that a "step-by-step tutorial" had been published to the Web, detailing how to take advantage of the flaw.
While the site didn't publish a link to the tutorial, it noted that "the exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page" and providing a target's email address. The vulnerability would allow an attacker to access a person's iTunes account, iCloud email and any other sensitive data they stored in Apple's cloud.
Read full story on InformationWeek.