Saturday 23 March 2013

Apple ID password reset exploit reportedly in the wild

A new exploit permits anyone who is aware of your e-mail address and date of birth to reset an Apple ID password with the use of a special URL, a new report says.

Apple's two-step verification, introduced on Thursday, reportedly stops the exploit in its tracks.

A new exploit lets anyone who knows your birthday and e-mail address change your Apple ID password, according to a new report.

The exploit, described by The Verge though not announced in public, makes use of a special URL that gets around the need for a security question, a security measure Apple put in place on all Apple ID accounts last April.

The reported exploit does not work on accounts with two-step verification enabled, which Apple introduced yesterday, and does away with the safety question in favor of sending a four-digit PIN code to a mobile phone that has to be entered together with the typical password.

"Apple takes customer privacy very seriously," an Apple spokesperson told CNET. "We are aware of this issue and dealing on a fix."

In the interim, the company place its password reset tools into maintenance mode. Apple didn't provide an estimate for when they would be back up again.

Account security is a touchy subject for Apple and the other tech company these days, particularly once the high-profile hacking of a technology journalist last year. That every one kicked off with an iCloud account and eventually led to access of his personal e-mail and Twitter accounts. Apple and others have hardened their account security since.

Apple has over 500 million active Apple ID accounts as a part of its system. Those accounts are used for its various stores and on-line services, including iCloud.

More on : http://news.cnet.com/apple/

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Submit Your Site