Apple Password Reset Exploit Briefly In The Wild And Fixed
If you haven’t moved to the new two-factor authentication system for your iCloud and Apple ID accounts, now would be a very good time to move to it… if you can. I’ll come back to that in a moment. The reason I say that you should make the move is that there is an exploit that uses Apple’s iForgot password reset system. Here are the details from The Verge:
We’ve been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page. It’s a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand. Out of security concerns, we will not be linking to the website in question.
But it gets worse: even if you wanted to enable two-factor authentication, there’s a problem:
Yesterday a number of users were told they’d need to wait three days before enabling two-step verification. As a result, these accounts are fully vulnerable to the exploit. As of right now, the only surefire way these individuals can avoid the security threat is by changing their birthdate through Apple’s account settings page. This option is located at the bottom of “Password and Security.”
The good news is that the iForgot system was taken offline and the exploit has been addressed. But I would still move to the two-factor authentication system, as you’re going to be much safer in the long run.
This entry was posted on March 23, 2013 at 10:05 am and is filed under Commentary with tags Apple, Security.