Apple hit by password-reset security hole

24 Mar

Apple’s password-resetting process has been taken down following the publication of a major security hole that allowed accounts to be accessed with just an email and date of birth. Apple is in the process of fixing the vulnerability.

The password-reset exploit, first reported by The Verge after they received an anonymous tip, involved pasting a certain URL into the browser while answering the date-of-birth security question. This would grant access to the iTunes and iCloud accounts associated with that email address, with which the attacker could do what they liked.

There is no indication of how long the hole has been available to be taken advantage of, or how accounts have been compromised.

Apple is working on a fix, but in the meantime has taken down the password-reset function. The company rolled out a two-step verification process on Thursday, allowing users to tie their account security to a device ? but some users found that the feature would take three days to take effect, preventing them from using it as a way to avoid this security problem.

The company offered the following statement pending further announcements on the security hole:

Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.

Update: The “iForgot” password reset page came back online late Friday evening, indicating Apple has patched the security hole.

Devin Coldewey is a contributing writer for NBC News Digital. His personal website is coldewey.cc.

<!– BEGIN OUTBRAIN SAMPLE, REPLACE WITH VIEW MODEL .voterDiv .ob_bctrl{display:none;} .ob_pdesc IMG{border:none;} .AR_3 .ob_what{direction:ltr;text-align:right;clear:both;padding:5px 10px 0px;} .AR_3 .ob_what a{color:#999;font-size:10px;font-family:arial;text-decoration: none;} .AR_3 .ob_clear{clear:both;} .AR_3 .ob_amelia{background:url(‘http://widgets.outbrain.com/images/widgetIcons/ob_logo_16x16.png&#8217;) no-repeat center top;display:inline-block;width:16px;height:16px;vertical-align:text-bottom;margin-bottom:-2px;padding:0px 5px;box-sizing:content-box;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;} .AR_3:hover .ob_amelia{background-position:center bottom;} img.textual-video-img {display: inline !important;} .AR_3 .ob_dual_container{clear:both;} .AR_3 .ob_dual_left,.AR_3 .ob_dual_right {float:left;width:46%;padding:0 2%;} .AR_3 .ob_empty{display:none;} More from NBCNews.com

  • Te’o hoax mastermind: I’m ‘recovering’ from homosexuality (Today News)
  • Reporter: SEAL who shot bin Laden is living ‘like a mafia snitch’ (Today News)
  • Kate Upton on Antarctic shoot for SI: ‘My body was shutting down’ (Today News)
  • Dorner carjacking victim: ‘He came up to me with his gun pointed at me’ (Today News)
  • Jackie Collins: I won’t write ‘Fifty Shades’-style sex scenes (Today News)

Around the Web

  • Why for Madeleine Albright, Divorce Turned Out to Be the Best Thing (Makers)
  • The Hottest Gray Hair Solution 2013 (Fab Over Fifty)
  • NickMom Night Out Backstage: Religious Rage (Nick Mom)
  • Did any of your ancestors experience a bizarre death? (Ancestry.com)
  • What Will Replace Stainless Steel (Oven Info)

[what’s this?] END OUTBRAIN SAMPLE –>

Source: http://feeds.nbcnews.com/c/35002/f/653377/s/29e3c542/l/0L0Snbcnews0N0Ctechnology0Ctechnolog0Capple0Ehit0Epassword0Ereset0Esecurity0Ehole0E1C90A35842/story01.htm

broncos broncos lehigh walking dead season finale matt flynn denver news frozen planet

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: