Apple brings password page back online after fixing security exploit
Earlier today Apple took down its iForgot page after we reported that it was possible to reset a user password with nothing more than an email address and date of birth. Apple has now brought the site back online after fixing the problem. iMore first reported that the exploit, which involved manipulating a URL, was no longer active. We have been able to confirm this in our own testing.
Apple confirmed the problem earlier today and said it was working on a fix. However, even after the company took down the iForgot page it was still possible to access the page via other means. The only way for a user to protect themselves from the exploit was to activate Apple's two-step authentication. Unfortunately, some users found themselves stuck in a three-day queue before they would be allowed to add it to their account. With the overall problem now resolved, those still waiting should be able to relax. However, we still recommend that all iCloud and Apple ID users activate Apple's two-step authentication as soon as possible — if it's available in your country, that is.
There are 52 Comments. Load 'Em Up. Show speed reading tips and settings
Shortcuts to mastering the comment thread. Use wisely.
C - Next Comment
X - Mark as Read
R - Reply
Z - Mark Read & Next
Shift + C - Previous
Shift + A - Mark All Read
Comment Settings
Live comment alert: Hide it!
Something to say? Choose one of these options to log in.