If you're new to AirPods, considering buying a pair, or just want to pick up some new tips.
Apple ID Security Hole Allows Password Reset With Email Address and Date of Birth
The Verge is reporting that the Apple ID login system has been compromised and passwords can be reset using only the user's email address and date of birth. Users who have activated the new two-step verification process are not affected by the hack.
Users who attempted to activate two-step verification but are put into a three-day waiting period are vulnerable to the attack, and concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed.
The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user's devices.
Update 1:29 PM: Apple has taken its iForgot password reset system offline.
Update 8:48 PM: Apple's iForgot system is active once again, and iMore has confirmed that the issue has been fixed.
We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.Out of concerns for user security, The Verge did not share any information about how to perform the hack, and Apple has not publicly commented on the issue.
Users who attempted to activate two-step verification but are put into a three-day waiting period are vulnerable to the attack, and concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed.
The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user's devices.
Update 1:29 PM: Apple has taken its iForgot password reset system offline.
Update 8:48 PM: Apple's iForgot system is active once again, and iMore has confirmed that the issue has been fixed.
[ 190 comments ]
Top Rated Comments
(View all)
78 months ago
Apple is just a horrible web services company. They've never done much right in the space.
78 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like oh, let's say tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:
Yes, yes it is worse.
78 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like oh, let's say tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:
Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.
The other involves targeting ads based on your searches.
Glad you understand how different the two things are.
78 months ago
Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.
The other involves targeting ads based on your searches.
Glad you understand how different the two things are.
Seriously, it confounds me think how anyone could believe otherwise... This new hole is extremely disconcerting.
78 months ago
One involves a bug, a 'security hole' that will quickly be patched and shouldn't have existed.
The other involves a truly immoral company who track you without your knowledge.
Glad you understand how different the two things are.
Really? without your knowledge? When you sign up for their services - you accept their TOS.
And tracking you is different than exposing actual personal information. Unless you want to start spreading some FUD that Google exposes your PERSONAL information to 3rd parties.
78 months ago
Compared to whom? Microsoft? Google? The latter of which are considerably worse. :confused:
When is the last time either of them allowed a trivial password reset to anyone who knows your birthday (information often shared on Facebook)?
78 months ago
Unfortunately, it appears if you have a .mac email address as your AppleID, you're screwed. Signing in with that, I have no option to enable the 2-step security process (I do have the option with my .me/iCloud AppleID). And since Apple will not allow you to transfer purchases to another AppleID (something I've wanted to do for years), I'm stuck with that. Which is, apparently, now insecure. Thanks, Apple!
78 months ago
I set my password to "incorrect".
That way, whenever I forget it, it reminds me right away by saying
"Your password is incorrect"
That way, whenever I forget it, it reminds me right away by saying
"Your password is incorrect"
78 months ago
Yeah, you're right. It wasn't really a good comparison on my part.
Just wanted to make the point that it's not like this was intentional, although that doesn't justify it. I believe Apple do take privacy very seriously (unlike other companies, as aforementioned), and it's regrettable something this important has been overlooked by them.
I believe main reason you posted was to "slam" Google and you hoped you would get internet hi-5s. That backfired, didn't it.
Google takes privacy very seriously too. And just like any other company - they've made mistakes or had issues. But if you think security is NOT important to Google then you don't understand their business.
If they lose people's trust or have a really bad security issue - they are finished. Their business model RELIES on keeping information secure.
[ Read All Comments ]
Apple will debut its rumored television service on Monday, and ahead of the event, The Washington Post has shared some new details on the planning that has gone into Apple's TV service.
When...
LG recently debuted a new 32UL950 32-inch UltraFine 4K display, but this latest model, priced at $1300, wasn't designed in partnership with Apple.
It still shares quite a few design...
Nomad is a company that creates useful accessories built around rugged simplicity, and in the past it has released iPhone cases, Lightning cables, and Apple Watch straps.
This year, Nomad...
For this week's giveaway, we've teamed up with Tile to give MacRumors readers a chance to win a set of Tile Bluetooth trackers that are designed to help you keep track of your most precious...
Apple CEO Tim Cook is in China this week ahead of the annual China Development Forum that promotes economic growth in the country.
Cook was photographed at an Apple Store in Beijing's...
Artist Billie Eilish has achieved a new streaming milestone on Apple Music, breaking the service's all-time record for users "pre-adding" an album to their libraries ahead of its release....
Apple Music recently updated the New Music section of the "Browse" tab with a small refresh that highlights an assortment of different playlists from various musical genres. Apple sometimes...
Apple has inked a deal with Vox for Vox to become a part of its upcoming subscription service that will be available in Apple News, reports Bloomberg.
Vox is owned by Vox Media, which also owns...
