Pages: [1]   Go Down
  Print  
Author Topic: Apple takes password reset functionality offline after news of serious vulnerability  (Read 446 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425



« on: March 22, 2013, 11:01:02 pm »

Apple takes password reset functionality offline after news of serious vulnerability
   




   

Earlier Friday, The Verge reported on a significant security exploit with Apple’s “reset password” functionality for Apple IDs. Armed with only your email address and date of birth, a hacker could tweak a specific URL to reset the password for your account.


If you’ve already enabled Apple’s just-launched two-step verification for your account, you shouldn’t be vulnerable to this attack. But if you hadn’t, or if you had started the process but were ensnared by the three-day waiting period Apple levied for certain users to enable the more secure option, your account remained at risk—unless you updated your account with a fake date of birth.


That said, you’re safe—for the time being. Apple has disabled its password reset functionality for now, presumably while it works to patch the exploit.


An Apple spokesperson told Macworld, “Apple takes customer privacy very seriously. We are aware of this issue, and are working on a fix.”
To read this article in full or to leave a comment, please click here
      

http://www.macworld.com/article/2031729/apple-takes-reset-password-functionality-offline-after-news-of-serious-vulnerability.html#tk.rss_all
   
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: