Apple?s iForgot password reset page is now back online, and iMore has verified that the security hole, discovered earlier today in Apple?s password reset page, has been closed.
Previously, after providing a victim?s Apple ID and date of birth, an attacker could send a URL to Apple that would change the password for that account, without needing to answer any security questions. In response, Apple blocked access to the password reset page, and a short while later took the entire site down in light of another loophole that still allowed the attack to be performed.
This vulnerability came at an interesting time, just a day after Apple began to roll out its two-step verification system. Users who had already enrolled in the new system seem to have been immune from the password reset vulnerability.
Unfortunately some users were held in a three-day waiting period for enabling two-step verification, while others live in countries where two-step verification is not currently available.
Today?s events serve as an important example of why two-step verification is a good idea. People interested in getting two-step verification set up can find out how with iMore?s tutorial.
Update: Details on how the exploit worked can be found here.
 |  |
Source: http://feedproxy.google.com/~r/TheIphoneBlog/~3/eCuuc3eH3j4/story01.htm
jennifer lawrence Oscar Winners 2013 quentin tarantino jessica chastain jessica chastain oscars jane fonda
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.