Apple ID Security Hole Allows Password Reset With Email Address and Date of BirthThe Verge is reporting that the Apple ID login system has been compromised and passwords can be reset using only the user's email address and date of birth. Users who have activated the new two-step verification process are not affected by the hack. We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.Out of concerns for user security, The Verge did not share any information about how to perform the hack, and Apple has not publicly commented on the issue. Users who attempted to activate two-step verification but are put into a three-day waiting period are vulnerable to the attack, and concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed. The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user's devices. Update 1:29 PM: Apple has taken its iForgot password reset system offline. Update 8:48 PM: Apple's iForgot system is active once again, and iMore has confirmed that the issue has been fixed. Recent Mac and iOS Blog Stories • Blizzard Announces 'Hearthstone: Heroes of Warcraft' for Mac and iPad • Mailbox Fills One Million Reservations, Updates App with New Shake to Undo Feature • Redesigned 'Speedtest.net' App Released, Improved Server Selection and Sharing • A Look at American Airlines' iPad Electronic Flight Bag • Apple Tops J.D. Power Smartphone Satisfaction Rankings By Significant Margin • Black Pixel to Revive 'NetNewsWire' With Cross-Device Syncing • Cleveland Museum of Art Uses iPads for Visitor-Personalized Tours • Pixelmator Crashing Issue Fixed in OS X 10.8.3
http://www.macrumors.com/2013/03/22/apple-id-security-hole-allows-password-reset-with-email-address-and-date-of-birth/
