
Apple fixes security flaw in iForgot password recovery system

The flaw allowed any person to reset a user's iForgot account password through an email address and date of birth

By CBR Staff Writer

Apple has fixed a security flaw that allowed hackers to change a user’s Apple ID password without authorisation, using only the correct email address and date of birth.

Hackers could exploit the flaw by sending a modified URL to the company’s iForgot webpage, resetting the password without answering the additional security questions.

The flaw comes in the midst of Apple’s launch of a new level of security for iCloud and Apple ID accounts, which requires two-step verification to prevent passwords from being stolen.

According to Apple, the exploit did not work on the accounts of users who had activated two-step verification, under which users receive a 4-digit code from Apple by SMS on a trusted device.

The process requires users to authenticate their identity by entering both their password and a 4-digit verification code through their devices before making any modifications to their account or making an iTunes, App Store, or iBookstore purchase from a new device.

In addition, Apple has advised several users to wait three days before they can enable two-step verification, which is only available in the US, Britain, Australia, Ireland, and New Zealand.

Globally, there are about 500 million active Apple ID accounts, which consumers use for the company’s various stores and online services, including iCloud.
