Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsMajor Apple security hole allows passwords to be reset with only email address, date of birth
Apple yesterday rolled out two-step verification, a security measure that promises to further shield Apple ID and iCloud accounts from being hijacked. Unfortunately, today a new exploit has been discovered that affects all customers who haven't yet enabled the new feature. It allows anyone with your email address and date of birth to reset your password using Apple's own tools. We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand. Out of security concerns, we will not be linking to the website in question.
http://www.theverge.com/2013/3/22/4136242/major-security-hole-allows-apple-id-passwords-reset-with-email-date-of-birth
http://www.theverge.com/2013/3/22/4136242/major-security-hole-allows-apple-id-passwords-reset-with-email-date-of-birth
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
4 replies, 848 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (2)
ReplyReply to this post
4 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
Major Apple security hole allows passwords to be reset with only email address, date of birth (Original Post)
DesMoinesDem
Mar 2013
OP
Everyone knows Apples don't have holes or vulnerabilities. Those are "features yet to be removed"NT
EOTE
Mar 2013
#1
EOTE
(13,409 posts)1. Everyone knows Apples don't have holes or vulnerabilities. Those are "features yet to be removed"NT
Mika
(17,751 posts)3. Its not a vulnerability of the computer.
Did you read the article?
EOTE
(13,409 posts)4. I did. It's a software issue that is yet again putting the privacy and identity of Apple users at
risk. Much like this one:
http://bgr.com/2013/03/20/apple-ios-vulnerability-passcode-bypass-387998/
Owning a Mac/iPhone/iPad doesn't do you much good if you can't use Apple's services and software.
Sherman A1
(38,958 posts)2. Thanks for Posting!