Blog

Apple Disables Account Resets in Response to Flaw

By Rich

According to The Verge, someone discovered a way to take over Apple IDs using only the owner’s email address and date of birth.

This appears to be an error exposed when they enabled 2-factor authentication, but as soon as it went public Apple disabled the iForgot feature and locked all accounts down. This seems to be one of those annoying cases where someone decided to disclose something in the press instead of just reporting it and getting it fixed. That’s really damn dangerous when cloud services are involved.

I expect this to be resolved pretty quickly. Possibly before my bracket is blown to unrecoverable levels.

We’ll update as we learn more …

No Related Posts
Comments

If you like to leave comments, and aren’t a spammer, register for the site and email us at info@securosis.com and we’ll turn off moderation for your account.