In the market for an iPhone? Here's a breakdown of all the currently shipping iPhones from Apple.
Apple ID Security Hole Allows Password Reset With Email Address and Date of Birth
The Verge is reporting that the Apple ID login system has been compromised and passwords can be reset using only the user's email address and date of birth. Users who have activated the new two-step verification process are not affected by the hack.
Users who attempted to activate two-step verification but are put into a three-day waiting period are vulnerable to the attack, and concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed.
The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user's devices.
Update 1:29 PM: Apple has taken its iForgot password reset system offline.
Update 8:48 PM: Apple's iForgot system is active once again, and iMore has confirmed that the issue has been fixed.
We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.Out of concerns for user security, The Verge did not share any information about how to perform the hack, and Apple has not publicly commented on the issue.
Users who attempted to activate two-step verification but are put into a three-day waiting period are vulnerable to the attack, and concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed.
The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user's devices.
Update 1:29 PM: Apple has taken its iForgot password reset system offline.
Update 8:48 PM: Apple's iForgot system is active once again, and iMore has confirmed that the issue has been fixed.
[ 190 comments ]
Top Rated Comments
(View all)
90 months ago
Apple is just a horrible web services company. They've never done much right in the space.
90 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like oh, let's say tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:
Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.
The other involves targeting ads based on your searches.
Glad you understand how different the two things are.
90 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like oh, let's say tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:
Yes, yes it is worse.
90 months ago
Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.
The other involves targeting ads based on your searches.
Glad you understand how different the two things are.
Seriously, it confounds me think how anyone could believe otherwise... This new hole is extremely disconcerting.
90 months ago
One involves a bug, a 'security hole' that will quickly be patched and shouldn't have existed.
The other involves a truly immoral company who track you without your knowledge.
Glad you understand how different the two things are.
Really? without your knowledge? When you sign up for their services - you accept their TOS.
And tracking you is different than exposing actual personal information. Unless you want to start spreading some FUD that Google exposes your PERSONAL information to 3rd parties.
90 months ago
Compared to whom? Microsoft? Google? The latter of which are considerably worse. :confused:
When is the last time either of them allowed a trivial password reset to anyone who knows your birthday (information often shared on Facebook)?
90 months ago
I set my password to "incorrect".
That way, whenever I forget it, it reminds me right away by saying
"Your password is incorrect"
That way, whenever I forget it, it reminds me right away by saying
"Your password is incorrect"
90 months ago
Yeah, you're right. It wasn't really a good comparison on my part.
Just wanted to make the point that it's not like this was intentional, although that doesn't justify it. I believe Apple do take privacy very seriously (unlike other companies, as aforementioned), and it's regrettable something this important has been overlooked by them.
I believe main reason you posted was to "slam" Google and you hoped you would get internet hi-5s. That backfired, didn't it.
Google takes privacy very seriously too. And just like any other company - they've made mistakes or had issues. But if you think security is NOT important to Google then you don't understand their business.
If they lose people's trust or have a really bad security issue - they are finished. Their business model RELIES on keeping information secure.
90 months ago
Unfortunately, it appears if you have a .mac email address as your AppleID, you're screwed. Signing in with that, I have no option to enable the 2-step security process (I do have the option with my .me/iCloud AppleID). And since Apple will not allow you to transfer purchases to another AppleID (something I've wanted to do for years), I'm stuck with that. Which is, apparently, now insecure. Thanks, Apple!
[ Read All Comments ]
Apple has inked a deal for 200,000 square feet of office space near Madison Square Garden in New York, according to The New York Post. Apple will be moving in to the 11th through 14th floors of 11...
Netflix today announced a new feature that will see the streaming service offering a series of top 10 lists that highlight the most popular content on the platform.
There will be an overall...
Amazon continues to knock down the price of the 2019 AirPods with Charging Case, now available for $129.98, down from $159.00 ($29 off). This sale is $1 away from matching the...
Amazon has introduced the first discount on Apple's iPhone 11 Smart Battery Case, which is now priced at $99.00, down from $129.00. This $30 discount is currently the best price...
Photos shared on Twitter show the final stages of construction work on what will become Apple's second retail store in Bangkok, Thailand.
The location is in front of the Central World...
Apple this morning shared a new video in its ongoing "Shot on iPhone series, this time focusing on the Valley of Fire State Park located in Overton, Nevada.
Fifty miles from Las Vegas lie...
For this week's giveaway, we've teamed up with Arlo to offer MacRumors readers a chance to win an Arlo Pro 2 Camera setup that includes two wire-free cameras and an audio doorbell.
Arlo...
WhatsApp's Dark Mode for iOS got one step closer today, with the long-awaited feature rolling out to all beta users on TestFlight. Gleaning details from the latest 2.20.30.25 build, WABetaInfo...
