toggle

AAPL Stock: 100.58 ( + 0.01 )

Printed from http://www.macnn.com

Apple restores 'iForgot' system, fixes password flaw

updated 10:52 pm EDT, Fri March 22, 2013

Quick response prevents any reports of actual account compromises

A security flaw exposed earlier on Friday has already been fixed, just hours after it was discovered, according to Apple. The issue, which could have allowed malicious users to hijack and lock out the legitimate owners, just by knowing the email address and exact birthdate of a victim. In response, Apple temporarily took its "iForgot" password-resetting service offline while it resolved the issue.

The process involved pasting a modified URL while answering the birthdate question on the password retrieval page, which allowed the attacker to reset the password. Ironically, the only defense against the vulnerability was to enable Apple's just-introduced two-step verification process, which adds a PIN code requirement before changing account info. The PIN code is only accessible through Find My iPhone or a text message to a pre-registered phone number.

The iForgot service was restored around 6:30PT after being down for approximately five and a half hours. Apple had been quick to respond to the issue, releasing a statement that it was aware of the problem and working on a fix shortly after iForgot was taken offline. The company's move likely prevented the exploit from being used widely -- no field reports of compromised accounts have been seen thus far.

All systems are now reported to be working properly, and the vulnerability has been closed.





by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Pure Jongo T2 wireless speaker

Multi-room audio compatibility is a key metric for wireless sound systems these days. The entry cost into a house-spanning system can ...

Logitech Z213 multimedia speakers

Desktop computer speakers sit in a weird area of limbo: many consumers have forgone the era of desktop listening for the privacy and v ...

toggle

Most Commented