Saturday, March 23, 2013

Apple hit by password-reset security hole

Apple's password-resetting process has been taken down following the publication of a major security hole that allowed accounts to be accessed with just an email and date of birth. Apple is in the process of fixing the vulnerability.

The password-reset exploit, first reported by The Verge after they received an anonymous tip, involved pasting a certain URL into the browser while answering the date-of-birth security question. This would grant access to the iTunes and iCloud accounts associated with that email address, with which the attacker could do what they liked.

There is no indication of how long the hole has been available to be taken advantage of, or how accounts have been compromised.

Apple is working on a fix, but in the meantime has taken down the password-reset function. The company rolled out a two-step verification process on Thursday, allowing users to tie their account security to a device, but it takes three days to take effect, so even early adopters were vulnerable to this exploit.

NBC News has reached out to Apple for comment and will update this post when we hear back.

Devin Coldewey is a contributing writer for NBC News Digital. His personal website is coldewey.cc.

Source: http://feeds.nbcnews.com/c/35002/f/653377/s/29e3c542/l/0L0Snbcnews0N0Ctechnology0Ctechnolog0Capple0Ehit0Epassword0Ereset0Esecurity0Ehole0E1C90A35842/story01.htm
