A newly discovered Apple security exploit has been discovered. The new exploit allows anyone with a user’s email address and date of birth to reset an Apple ID or iCloud account password.
The exploit was first discovered by The Verge, which found that the exploit uses Apple’s own tools to break into accounts. Hackers discovered that they could use a modified URL while entering a users date of birth on Apple’s iForgot page.
After discovering the hack, details for its use were published online in a step-by-step tutorial.
On Thursday, Apple launched a new two-step verification process for Apple ID and iCloud account holders. The two-step verification adds a new layer of protection to vulnerable accounts. Apple now asks for new verification when a new device attempts to access a users Apple iCloud or Apple ID account.
The verification process requires users to access their account from one of their own devices such as an iPhone.
Apple also sends a numerical code via text message to users who purchase a new computer and sign into iCloud on it. The code, once entered, frees up the device for user account access.
If you have failed to thus far, you can setup Apple two-step verification here.
The Apple security exploit serves as yet another reminder that security standards are lacking at all levels. From startup internet firms to massively huge billion dollar enterprises, users should remember that two-step verification is almost a necessity these days and not a simple suggestion.
As Apple continues to sell an increasing number of devices, users should expect the type of security problems they have experienced with windows and OS machines over the last several decades.
Are you worried about the current state of your personal information? Should tech firms be taking a more responsible approach to how they deal with personal user information?