Major security hole found in Apple’s account reset code

Yesterday, Apple rolled out a new two-step verification process for all customers with an Apple ID. The new process will ask you some personal questions, including your email address and date of birth. But soon after the company released this update, a major bug was found that lets anybody with your email address and date of birth reset your Apple ID password. This applies only if you have not yet enabled the new two-step verification process.

A blog has very graciously published a very detailed set of instructions on how one can take undue advantage of this bug. You just have to change the URL of the web page when the date of birth is asked for, and you are good to go. The Verge tried this out first-hand and confirmed that it was indeed working.

So, if you have not yet updated your account to include two-step verification, do it now. After this was reported on the internet, the Cupertino-based tech giant took its iForgot service down “due to maintenance” and said that it was working on a fix for this issue. Soon after that, the tool was back online, with the company saying that it had fixed the issue. There have been no reports of bugs so far.

This new two-step verification tool is still only available in the US, UK, Australia, Ireland, and New Zealand. Apple users who are not in these regions may still be in danger of getting their Apple ID accounts hacked, even though the company has said that the bug has been fixed. It is better that such people change their birthdays to something false until they can get two-step verification activated. This way, even if somebody knows your date of birth, they will not be able to reset your password.

Source: The Verge

8 Comments

  1. Mac Pro owner-Have never, will never use Mac OS except for iPad Sync.

    Second most dangerous OS on the planet.

  2. You never know what tomorrow may bring or what shall happen 5 minutes from now. Prepare.

  3. Hey dude, I’m like all bummed out and stuff because your “report” of this “news” about this so called security “flaw” by the All Mighty Apple is, like, totally bogus and stuff. You’re just a non-conformist, what, with your Android (which is just totally a knock-off of the one and only “smart phone” on the planet) and all. Hey man, just give up trying to be “different,” fall in line and put that sticker on the back of your car! Just come out of the closet already!

  4. The typical apple guy coming to defend his car loan purchase of his apple products. Make sure you tell us how awesome your apple products are too. I think the “news” is simply making people more aware of using 2-factor authentication, and how it can help protect in situations like this. He also makes folks aware to change their birthday to something false so that if another attack like this comes to light there is another method of protection.

    Re-read the article and re-think your post.

  5. @Mac User: Sounds to me like the only one bashing here is you. This is news. People need to know, and they would need to know whether it was Apple, Android, Microsoft, or anyone else.

    “Apple users who are not in this region may still be in the danger of getting their Apple ID accounts hacked, even though the company has said that the bug has been fixed.”

    Hmm… that CAN’T be newsworthy.

    But I’m sure Fanboys such as yourself will always seek to sweep it under the rug. Too bad you’re too interested in deluding yourself with all things Apple to realize that not everything revolves around you and your iLife.

  6. This was resolved hours after being discovered and is no longer relevant, yet you “report” it as if it’s current “news”. What, are you just looking for a chance to Apple bash? Too late, Droid dude.
