Poor Apple. Just a few days after rolling out iOS 6.1.3 in order to address the iDevice passcode bypass (which gave potential snoopers access to the Phone app), a worrying security hole was exposed on its Apple ID password reset page.
Douche bags could essentially reset your Apple ID password with only your email address and date of birth, but Tim Cook's security heavies quickly moved to plug said hole.
The story was initially broken by The Verge, who explained that the exploit involved “pasting in a modified URL while answering the DOB security question on Apple's iForgot page.”
Team Cupertino quickly took down the page and promised: "Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix."
Somewhat bizarrely, the exploit was revealed in the same week that Apple rolled out two-step verification for its accounts.
In a nutshell, once it is set up, any changes to your account, or iTunes/App Store purchases made from a new device, must be verified using a code sent to a device of your choosing.
It’s an increasingly common security feature, and something I use – for example – to ensure my Facebook account is only accessible from my MacBook, iPhone or iPad. Good times.