New Apple security hole reportedly opens door wide open to resetting accounts

Summary: If you're interested in trying out Apple's new two-step ID authentication, you might want to hurry up.


Apple just introduced two-factor authentication for Apple ID accounts, and there might already be some considerable urgency for it.

Reports circulated on Friday of a new security flaw in which anyone could reset an iCloud/Apple ID account with just a date of birth and the corresponding e-mail address.

According to a report from The Verge, it really doesn't get more complicated than that, plus a modified URL designed to trick unaware users.

To recall, the Cupertino, Calif.-based company added the two-step option so that Apple ID users can have a verification code sent to an authorized device when signing in. Apple follows Facebook and Google (not to mention a number of enterprise tech businesses) in embracing this heightened security trend.

Thus, now seems like a prime time to set up two-factor authentication if you haven't already.

The problem is that some users are allegedly being informed that the registration process for the extra measure can't be completed for at least three days.

For now, it looks like the backup option is to proceed with extreme caution when using Apple's iForgot tools.

More information about setting up two-factor authentication is available from Apple's support pages.

  • Why would apple release their products with so many gaping holes in them?

    apple's products are like swiss cheese, so many holes in them. apple should test their products before they release them. There is no excuse for a service like this to ever get into production with such horrible security.

    Shame on you apple. Shame on you.
    • Amazing!

      Who would have guessed you would be the first to comment on this? Anyway it looks like Apple took care of the problem.
    • Like other providers are better.

      hotmail is affected in this attack,twitter-microsoft-linkedin-yahoo-open-to-hijacking.aspx

      But if you use hotmail as your live account then they now have access to your skydrive (personal files) and your app store account (purchases)
      Anthony E
      • Good to know

        So a perfectly acceptable answer to "ANOTHER vulnerability in (insert provider here)'s software?"


        "Like other providers are better"

        Good, glad we have forever settled that argument and it only took a couple minutes. I'm guessing now we won't ever see swarms of you guys on certain security related articles?

        Yeah right.
        • You mean

          like you do so often..
          Anthony E
          • I'm a swarm?


            So, are we agreed then?

            "Good, glad we have forever settled that argument and it only took a couple minutes. I'm guessing now we won't ever see swarms of you guys on certain security related articles?"
    • I think this may be the only post I'll ever have to make..

      ONCE AGAIN....As long as humans write code for computers, there will be flaws, regardless of platform. Thank you.
      • He knows that.

        His comment has nothing to do with Apple or their ability to write code.
    • Sadly all those responding to you are clueless... to why you made this post.
  • It's funny

    Some forum participants complain about "Microsoft hatred" in ZDNet articles. Well, there's certainly also a lot of "Apple hatred" and "Microsoft love" in the comments section. Fanboys are fanboys...
    • So apple deserves to be congratulated for this?

      According to you then, when there is a gaping huge security hole, the vendor should be attacked

      except if apple is the vendor.

      Got it.

      Why wouldn't we hold apple's feet to the fire for this? Why should anyone show apple "love" for this one? Why should we "hate" Microsoft when apple messes up?
      • So you consider yourself a fanboy, then?

        Since you replied to this, I mean.

        But to use your own wording for these kind of things: Will you go on record saying that there's NOT a lot of "Microsoft love" and "Apple hatred" in the comments section of ZDNet articles?

        Some participants in this forum (but not you, in my opinion) have NO credibility, because they ALWAYS claim that THEIR platform/products have NO weaknesses whatsoever. Everything's perfect, always. But all other platforms/products "suck", and people who use them are "morons". That's how fanboys in the comments section behave.
    • Naa

      You've got it wrong. Todd can't be a full blown fanboi as he's owned Apple products.
      NO true blue fanboi would ever own up to owning a product from his main rival.

      Could be he's a swinging fanboi! lol ;-)
    • You completely miss the point.

      It's not about's about their fanbois.
  • Switch to Microsoft technologies.

    Apple/Google tech are for toys, OSX and iOS security is a joke and Android is full of malware.

    Get a Windows phone, it's the future.
    • Owlnet, with all respect...

      Please STOP posting such silly posts.
      • Owllll1net has no respect for himself

        As a Microsoft Dummy, he sold his soul to them and there is no more respect for himself left.
    • Thank you for proving my point

      In my post above.
      • Telling truth doesn't make One a 'fanyboy'

        Please don't misuse that term.
        • Thanks for proving my point, again

          But what is a 'fanyboy' ?