Apple's password-resetting process has been taken down following the publication of a major security hole that allowed accounts to be accessed with just an email and date of birth. Apple is in the process of fixing the vulnerability.
The password-reset exploit, first reported by The Verge after they received an anonymous tip, involved pasting a certain URL into the browser while answering the date-of-birth security question. This would grant access to the iTunes and iCloud accounts associated with that email address, with which the attacker could do what they liked.
There is no indication of how long the hole has been available to be taken advantage of, or how accounts have been compromised.
Apple is working on a fix, but in the meantime has taken down the password-reset function. The company rolled out a two-step verification process on Thursday, allowing users to tie their account security to a device ? but it takes three days to take effect, so even early adopters were vulnerable to this exploit.
NBC News has reached out to Apple for comment and will update this post when we hear back.
Devin Coldewey is a contributing writer for NBC News Digital. His personal website is coldewey.cc.
ravens Ravens vs Patriots 49ers Vs Falcons Mama Movie flyers epo suits
No comments:
Post a Comment