Warning: Apple Users Targeted in Phishing Attack Involving Rapid Password Reset Requests

by

Phishing attacks taking advantage of Apple's password reset feature have become increasingly common, according to a report from KrebsOnSecurity. Multiple Apple users have been targeted in an attack that bombards them with an endless stream of notifications or multi-factor authentication (MFA) messages in an attempt to cause panic so they'll respond favorably to social engineering.

reset password request iphone
An attacker is able to cause the target's iPhone, Apple Watch, or Mac to display system-level password change approval texts over and over again. Because the password requests target the Apple ID, they pop up on all of a user's devices. The notifications render all linked Apple products unable to be used until the popups are dismissed one by one on each device. Twitter user Parth Patel recently shared his experience being targeted with the attack, and he says he could not use his devices until he clicked on "Don't Allow" for more than 100 notifications.

The actual popup can't be used to gain access to an Apple device, and it serves as a front for attackers to incite fear in the target. Following the flood of notifications, the attacker calls using a spoofed number that makes it appear to be coming from Apple. On these calls, the attacker confirms that the victim's account is under attack, and that sensitive information is needed to put a stop to it. It appears that the attacker is after a one-time code to confirm a password reset or login attempt.

In Patel's case, the attacker was using information leaked from a people search website, which included name, current address, past address, and phone number, giving the person attempting to access his account ample information to work from. The attacker happened to have his name wrong, and he also became suspicious because he was asked for a one-time code that Apple explicitly sends with a message confirming that Apple does not ask for those codes.

The attack hinges on the perpetrator having access to the email address and phone number associated with an ‌Apple ID‌ at a minimum, and given the description of what's been happening, it is likely that bad actors also had access to the victim's ‌Apple ID‌ password from database leaks and other means. One-time codes are most often triggered as secondary security, so the attacker sends the notification spam, calls the target to "save" them from the attack, logs in to the ‌Apple ID‌ with the stolen information and password, and triggers the one-time code. If the target hands over the code at this point, the attacker will have full access to the ‌Apple ID‌.

KrebsOnSecurity looked into the issue, and found that attackers appear to be using Apple's page for a forgotten ‌Apple ID‌ password to send the notification spam. This page requires a user's ‌Apple ID‌ email or phone number, and it has a CAPTCHA. When an email address is put in, the page displays the last two digits of the phone number associated with the Apple account, and filing in the missing digits and hitting submit sends a system alert.

It is not clear how the attackers are abusing the system to send multiple messages to Apple users, but it appears to be a bug that is being exploited. It is unlikely that Apple's system is meant to be able to be used to send more than 100 requests, so presumably the rate limit is being bypassed.

Apple device owners targeted by this attack should remain calm and make sure not to provide sensitive information to someone who calls, even if the phone call appears to be coming from Apple. Spoofing a phone number is a simple thing to do, so the best course of action is to hang up and call Apple support directly. There is never a situation where a one-time code should be shared with another person, and Apple will never ask for a code.

Update: This article has been updated to clarify how the attack works. The prior version suggested that an ‌Apple ID‌ could be accessed should someone press "Allow" on one of the password request popups, but that is inaccurate. This is a complicated, multi-step attack that requires social engineering, but the password reset spam is a component that Apple will hopefully address in a future update.

Popular Stories

iOS 26

iOS 26.2 Coming Soon With These 8 New Features on Your iPhone

Thursday December 11, 2025 8:49 am PST by
Apple seeded the second iOS 26.2 Release Candidate to developers earlier this week, meaning the update will be released to the general public very soon. Apple confirmed iOS 26.2 would be released in December, but it did not provide a specific date. We expect the update to be released by early next week. iOS 26.2 includes a handful of new features and changes on the iPhone, such as a new...
Read Full Article81 comments
Google maps feaure

Google Maps Quietly Added This Long-Overdue Feature for Drivers

Wednesday December 10, 2025 2:52 am PST by
Google Maps on iOS quietly gained a new feature recently that automatically recognizes where you've parked your vehicle and saves the location for you. Announced on LinkedIn by Rio Akasaka, Google Maps' senior product manager, the new feature auto-detects your parked location even if you don't use the parking pin function, saves it for up to 48 hours, and then automatically removes it once...
Read Full Article42 comments
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2 and AirPods Pro 3

Thursday December 11, 2025 11:28 am PST by
Apple today released new firmware designed for the AirPods Pro 3 and the prior-generation AirPods Pro 2. The AirPods Pro 3 firmware is 8B30, up from 8B25, while the AirPods Pro 2 firmware is 8B28, up from 8B21. There's no word on what's include in the updated firmware, but the AirPods Pro 2 and AirPods Pro 3 are getting expanded support for Live Translation in the European Union in iOS...
Read Full Article65 comments
iOS 26

iOS 26.4 and iOS 27 Features Revealed in New Leak

Friday December 12, 2025 10:56 am PST by
Macworld's Filipe Espósito today revealed a handful of features that Apple is allegedly planning for iOS 26.4, iOS 27, and even iOS 28. The report said the features are referenced within the code for a leaked internal build of iOS 26 that is not meant to be seen by the public. However, it appears that Espósito and/or his sources managed to gain access to it, providing us with a sneak peek...
Read Full Article59 comments
Foldable iPhone 2023 Feature 1

Apple to Make More Foldable iPhones Than Expected [Updated]

Tuesday December 9, 2025 9:59 am PST by
Apple has ordered 22 million OLED panels from Samsung Display for the first foldable iPhone, signaling a significantly larger production target than the display industry had previously anticipated, ET News reports. In the now-seemingly deleted report, ET News claimed that Samsung plans to mass-produce 11 million inward-folding OLED displays for Apple next year, as well as 11 million...
Read Full Article113 comments
AirTag 2 Mock Feature

Apple AirTag 2: Four New Features Found in iOS 26 Code

Thursday December 11, 2025 10:31 am PST by
The AirTag 2 will include a handful of new features that will improve tracking capabilities, according to a new report from Macworld. The site says that it was able to access an internal build of iOS 26, which includes references to multiple unreleased products. Here's what's supposedly coming: An improved pairing process, though no details were provided. AirTag pairing is already...
Read Full Article38 comments
iOS 26

Apple Releases iOS 26.2 With Alarms for Reminders, Lock Screen Changes, Enhanced Safety Alerts and More

Friday December 12, 2025 10:10 am PST by
Apple today released iOS 26.2, the second major update to the iOS 26 operating system that came out in September, iOS 26.2 comes a little over a month after iOS 26.1 launched. ‌iOS 26‌.2 is compatible with the ‌iPhone‌ 11 series and later, as well as the second-generation ‌iPhone‌ SE. The new software can be downloaded on eligible iPhones over-the-air by going to Settings >...
Read Full Article103 comments
iOS 26

15 New Things Your iPhone Can Do in iOS 26.2

Friday December 5, 2025 9:40 am PST by
Apple is about to release iOS 26.2, the second major point update for iPhones since iOS 26 was rolled out in September, and there are at least 15 notable changes and improvements worth checking out. We've rounded them up below. Apple is expected to roll out iOS 26.2 to compatible devices sometime between December 8 and December 16. When the update drops, you can check Apple's servers for the ...
Read Full Article54 comments
maxresdefault

iOS 26 Code Leak Reveals Apple Smart Home Hub Details

Thursday December 11, 2025 4:02 pm PST by
Apple is working on a smart home hub that will rely heavily on the more capable version of Siri that's coming next year. We've heard quite a bit about the hub over the last two years, but a recent iOS 26 code leak provides additional insight into what we can expect and confirms rumored features. Subscribe to the MacRumors YouTube channel for more videos. Macworld claims to have access to an ...
Read Full Article117 comments

Top Rated Comments

checker2010 Avatar
checker2010
22 months ago

iCloud Lock was the worst thing Apple has done to the iPhone. Some people legit get permanently locked out of their own phones because of it.
Activation lock is a fantastic feature. I’d recommend everyone have it enabled.
Score: 50 Votes (Like | Disagree)
Realityck Avatar
Realityck
22 months ago

When attackers are unable to get the person to click "Allow" on the password change notification, targets often get phone calls that seem to be coming from Apple. On these calls, the attacker claims to know that the victim is under attack, and attempts to get the one-time password that is sent to a user's phone number when attempting a password change.
Never trust a company to call you out of the blue! Just tell them you are hanging up and contacting that company directly.
Score: 42 Votes (Like | Disagree)
vegetassj4 Avatar
vegetassj4
22 months ago
Thank my lucky stars Apple Security warned me before this exploit was used:



Attachment Image
Score: 34 Votes (Like | Disagree)
boswald Avatar
boswald
22 months ago
Oh, good grief. What a nasty attack. I will definitely make my family aware of this!
Score: 28 Votes (Like | Disagree)
whsbuss Avatar
whsbuss
22 months ago
And the DOJ and EU keep tearing down the Apple ecosystem. What insanity
Score: 28 Votes (Like | Disagree)
antiprotest Avatar
antiprotest
22 months ago

Oh, good grief. What a nasty attack. I will definitely make my family aware of this!
I wonder if it is something that can be fixed or limited on Apple's side. Sounds like it. They should do it TODAY.
Score: 22 Votes (Like | Disagree)
Read All Comments