toggle

AAPL Stock: 124.43 ( -1.94 )

Printed from http://www.macnn.com

Apple restores 'iForgot' system, fixes password flaw

updated 10:52 pm EDT, Fri March 22, 2013

Quick response prevents any reports of actual account compromises

A security flaw exposed earlier on Friday has already been fixed, just hours after it was discovered, according to Apple. The issue, which could have allowed malicious users to hijack and lock out the legitimate owners, just by knowing the email address and exact birthdate of a victim. In response, Apple temporarily took its "iForgot" password-resetting service offline while it resolved the issue.

The process involved pasting a modified URL while answering the birthdate question on the password retrieval page, which allowed the attacker to reset the password. Ironically, the only defense against the vulnerability was to enable Apple's just-introduced two-step verification process, which adds a PIN code requirement before changing account info. The PIN code is only accessible through Find My iPhone or a text message to a pre-registered phone number.

The iForgot service was restored around 6:30PT after being down for approximately five and a half hours. Apple had been quick to respond to the issue, releasing a statement that it was aware of the problem and working on a fix shortly after iForgot was taken offline. The company's move likely prevented the exploit from being used widely -- no field reports of compromised accounts have been seen thus far.

All systems are now reported to be working properly, and the vulnerability has been closed.





by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill th ...

Brother HL-L8250CDN Color Laser Printer

When it comes to selecting a printer, the process is not exactly something most people put a lot of thought into. Printers are often t ...

Moshi iVisor AG and XT for iPad Air 2

Have you ever tried to put in a screen protector that relies on static to cling to the screen? How many bubbles and wrinkles does it h ...

toggle

Most Commented