New Apple security hole reportedly opens door wide open to resetting accounts

Summary:If you're interested in trying out Apple's new two-step ID authentication, you might want to hurry up.


Apple just introduced two-factor authentication for Apple ID accounts, and there might already be some considerable urgency for it.

Reports have been circulating on Friday that there is a new security flaw in which anyone could reset an iCloud/Apple ID account with just a date of birth and a correlating e-mail address.

Based on a report from The Verge, it really doesn't get more complicated than that and a modified URL designed to trick unaware users.

To recall , the Cupertino, Calif.-based company added the two-step option for Apple ID users to have a verification code sent to an authorized device when signing in. Apple follows Facebook and Google (not to mention a number of enterprise tech business) embracing this heightened security trend.

Thus, now seems like a primetime to set up two-factor authentication if you haven't already.

The problem is that some users are allegedly being informed that the registration process for the extra measure can't be completed for at least three days.

For now, it looks like backup option is to proceed with extreme caution when using Apple's iForgot tools.

More information about setting up two-factor authentication is available from Apple's support pages.

Topics: Security, Apple, iOS, Mobility


Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider,, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for, Irish Americ... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.