Saturday, March 23, 2013

Security hole spotted in Apple’s iForgot page, gets promptly fixed

Yesterday, we reported that Apple had implemented a two-step verification process for Apple IDs to add another layer of protection against unauthorized access to your account.
Shortly after that, however, a major security hole was discovered on the iForgot website (which allows users to reset their password) where you could reset the password for any Apple ID even if you have just the email and date of birth. This left anyone who hadn’t enabled the two-step verification vulnerable.
Following the discovery of this security issue, the iForgot page was immediately taken down by Apple. Thankfully, it didn’t take long for Apple to fix the issue and the page is now back up again, with the issue being resolved for now. Still, it is highly recommended that you enable the two-step verification process for your Apple ID to prevent more such scares in the future.

No comments:

Post a Comment