Major security hole found in Apple’s account reset code

Apple two-step verification bug

Yesterday, Apple rolled out a new two-step verification process for all customers with an Apple ID. The new process will ask you some personal questions, including your email address and date of birth. Soon after the company released this update, however, a major bug was found that lets anybody with your email address and date of birth reset your Apple ID password. This applies only if you have not yet enabled the new two-step verification process.

A blog has very graciously published a detailed set of instructions on how one can take undue advantage of this bug. You just have to change the URL of the web page when the date of birth is asked for, and you are good to go. The Verge tried this out first hand and confirmed that it was indeed working.

So, if you have not yet updated your account to include two-step verification, do it now. After this was reported on the internet, the Cupertino-based tech giant took its iForgot service down “due to maintenance” and said that it was working on a fix for this issue. Soon after that, the tool was back online, with the company saying that it had fixed the issue. There have been no reports of bugs so far.

This new two-step verification tool is still only available in the US, UK, Australia, Ireland, and New Zealand. Apple users outside these countries may still be in danger of getting their Apple ID accounts hacked, even though the company has said that the bug has been fixed. It is better for such users to change the birthday on their account to something false until they can activate two-step verification. This way, even if somebody knows your date of birth, they will not be able to reset your password.

Source: The Verge