Apple ID password reset security hole now plugged

Poor Apple. Just a few days after rolling out iOS 6.1.3 in order to address the iDevice passcode bypass (which gave potential snoopers access to the Phone app), a worrying security hole was exposed on its Apple ID password reset page.

Douche bags could essentially reset your Apple ID password with only your email address and date of birth, but Tim Cook's security heavies quickly moved to plug said hole.

The story was initially broken by The Verge, who explained that the exploit involved “pasting in a modified URL while answering the DOB security question on Apple's iForgot page.”

Team Cupertino quickly took down the page and promised: "Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix."

Somewhat bizarrely, the exploit was revealed in the same week that Apple rolled out two-step verification for its accounts.

In a nutshell, once set up, any changes to your account, or iTunes/App Store purchases made from a new device, must be verified using a code sent to a device of your choosing.

It’s an increasingly common security feature, and something I use – for example – to ensure my Facebook account is only accessible from my MacBook, iPhone or iPad. Good times.


JanSt / MOD  Mar. 25, 2013 at 12:37

In other words: we need to add MORE private info that future hackers can then exploit? Excellent. Yes, yes... Apple already have your iPhone's phone number, but still...
And if you provide another phone's number (because that is more clever for when your iPhone is stolen/lost), bam bam....

Online services are nutty. Wonder what that says about humanity? Hmmm...

JanSt / MOD  Mar. 25, 2013 at 12:47


