Ronny Lam


Apple ID Vulnerable for a Short Time

Just as the news came out about Apple’s two-step authentication, someone found out that an Apple ID could be reset by knowing just the account and the birthdate.

iMore was able to reproduce the problem, and this is how it worked.

While iMore doesn’t know what the original source was, we were able to reproduce the exploit independently. In the interest of helping people understand how they were put at risk, and allowing anybody designing their own systems to avoid similar security holes in the future, after a lot of consideration and carefully weighing the pros and cons, we have decided to detail and analyze the exploit.

Sure, it is bad that these things happen, and we can’t even be sure whether the exploit was actually used, but it must be said that Apple responded very quickly and even fixed it very quickly.