We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Apple takes password reset functionality offline after news of serious vulnerability

Earlier Friday, The Verge reported on a significant security exploit with Apple's "reset password" functionality for Apple IDs. Armed with only your email address and date of birth, a hacker could tweak a specific URL to reset the password for your account.

If you've already enabled Apple's just-launched two-step verification for your account, you shouldn't be vulnerable to this attack. But if you hadn't, or if you had started the process but were ensnared by the three-day waiting period Apple levied for certain users to enable the more secure option, your account remained at risk--unless you updated your account with a fake date of birth.

That said, you're safe--for the time being. Apple has disabled its password reset functionality for now, presumably while it works to patch the exploit.

An Apple spokesperson told Macworld, "Apple takes customer privacy very seriously. We are aware of this issue, and are working on a fix."

Exploits like this are just one of many reasons you ought to enable two-factor authentication. You still might decide to muck about with your birthdate for your Apple account, because Apple's recent history with patching security bugs--like those affecting the iPhone's lock screen--have been far from perfect.


IDG UK Sites

Samsung Galaxy S6 launch as it happened: Galaxy S6 launch video and live blog - watch again as...

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...