Tech content trusted by users in North America and around the world
7,254 Reviews & Articles | 52,653 News Posts

Apple bug allows Apple ID password reset with just e-mail and date of birth

Bug found that allows Apple ID password to be reset simply by knowing email and date of birth
By: Trace Hagan | Hacking & Security News | Posted: Mar 22, 2013 7:08 pm

If you haven't enabled two-factor authentication quite yet, you might want to get on it. Yes, right now. A new vulnerability has been found that will allow a malicious user to reset a user's password by knowing just their e-mail address and date of birth. It's not clear if this bug resulted from Apple's new two-step authentication or if it has always been there.




A guide to doing the hack has been posted online, though we will not be linking to it for some very obvious security reasons. A malicious user has to simply paste in a modified URL and answer the date of birth security question to reset the password. The exploit makes use of Apple's iForgot tool.


Related Tags

Got an opinion on this news? Post a comment below!