Just as we started covering news about better security for Apple ID through the two-step security method added by Apple, The Verge reported a security flaw in the password reset tool “iForgot” that would give unlimited access to any Apple ID to anyone who had just the email address of that Apple ID and the birthday set for it. The exploit involves pasting in a modified URL while answering the date-of-birth security question on Apple’s iForgot page. It’s a process just about anyone could manage before Apple patched the vulnerability. Sadly, users who want to opt in to Apple’s two-step verification process need to wait another three days, as per Apple’s website.
One secure way to avoid this is to change the date of birth to something else so as to remain safe from hackers, because the two-step verification process is currently available in only 6 countries and, as Apple said, will be rolled out to other countries eventually. Apple acknowledged the security flaw and said, “Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.” As Apple suggested, the fix was rolled out to all users pretty soon, after the password reset tool was taken down for a brief moment.
Apple’s security blunders are proving to be a bit more disastrous lately. This security flaw could have led to thousands of dollars in billings on various iTunes accounts because of unintended purchases.