Apple ID security issue fixed, password page back online
The
page was taken down yesterday, after reports of an exploit that could
let hackers with a user's e-mail address and birth date change the
user's Apple ID password. The company has fixed the issue.
Apple has fixed the security issue
involving its Apple ID password-reset page, a vulnerability that had
made it possible for hackers with a user's e-mail address and birth date
to reset the user's password.
Apple said yesterday that it was aware of the issue and was preparing
a fix. Meanwhile, the company had taken the "iForgot" reset page
offline for maintenance. Now the page is back up, and Apple has confirmed the fix with CNET.
The security exploit made use of a special URL that got around the
need to answer a security question. Apple had added the question step
last April.
The exploit didn't work on the accounts of users who had enabled
two-step verification, which Apple introduced Thursday. That system does
away with the security question in favor of sending a request for a
four-digit PIN code to a cell phone. The user enters the PIN along with
the typical password.
However, as reported
by The Verge, a number of Apple ID holders were told they'd have to
wait three days before they could enable the two-step verification
setup. Also, at this point, the two-step system is available only in the
U.S., Britain, Australia, Ireland, and New Zealand.
There are more than 500 million active Apple ID accounts, which are
used for the company's various stores and online services, including
iCloud.
Update, 9:40 a.m. PT:
We just received official confirmation from Apple that the company
has fixed the issue. This story has been updated to reflect that.
0 komentar: