Skip to main content

Security loophole leaves Apple IDs, passwords vulnerable to easy attack

apple logo shadow
Image used with permission by copyright holder

If you haven’t already jumped on Apple’s new two-step verification system for protecting your Apple ID and iCloud, your account is at serious risk. A hole in the company’s security could let somebody change your password with just your email address and birthdate, The Verge reported. Unless you have already updated your ID to the stronger security system, you should log on as soon as possible to protect your account from hijacking. You can do so here

Adding fuel to the fire, some Apple IDs will not be able to switch to the two-step verification for three days. That may be the case for you if you’ve recently made any significant changes to your account information, according to Apple’s FAQ on the two-step system. The Verge recommended that those people who must postpone the security upgrade change their birthdate as a stopgap measure. To do so, log in to the Password and Security section of Apple’s account settings page. 

The security hole allows a hacker to paste a modified URL into the date of birth question on Apple’s iForgot page for resetting a forgotten or lost password. 

This isn’t the first time this year that Apple has been targeted with security problems. Just last month, the company acknowledged that it was hacked by people who also hit Facebook. Representatives from Apple said no data appeared to have left the company in that attack. The vulnerability should serve as a reminder that no tech security system has proven unbreakable. 

We assume (read “hope”) Apple is currently working on the issue, and we’ll update you when we know more.

Image via Brett Weinstein

Editors' Recommendations

Anna Washenko
Former Digital Trends Contributor
Anna is a professional writer living in Chicago. She covers everything from social media to digital entertainment, from tech…
The M1 has a major security loophole that Apple can’t patch
Apple M1 processor on a mainboard.

Researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered a new security vulnerability that targets Apple's popular M1 processor. The attack, dubbed PACMAN, is capable of bypassing the last line of defense against software bugs on the M1 and potentially other ARM-based processors.

PACMAN attacks pointer authentication, which is the final stop for most software vulnerabilities. Pointer authentication confirms that a program hasn't been changed in any malicious way, serving as a "safety net ... in the worst case scenario," as MIT PhD student Joseph Ravichandran put it. MIT's researchers developed PACMAN as a way to guess the pointer authentication signature, bypassing this critical security mechanism. Researchers say PACMAN exploits a hardware mechanism, so a software patch won't be able to fix it.

Read more
Researchers find new vulnerability with Apple Silicon chips
A Macbook Pro sits in the dark, illuminated by its own screen.

Researchers have released details of an Apple Silicon vulnerability dubbed "Augury." However, it doesn't seem to be a huge issue at the moment.

Jose Rodrigo Sanchez Vicarte from the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington published their findings of a flaw within Apple Silicon. The vulnerability itself is due to a flaw in Apple's implementation of the Data-Memory Dependent Prefetcher (DMP).

Read more
How to clean up your passwords and boost online security
Close up of a person's hands resting on a laptop while one hand holds a smartphone.

The health of your passwords is a big part of your overall online security and you shouldn't neglect it. Reviewing your passwords, weeding out the weak ones, and replacing them with stronger passwords are all good habits to keep up to fortify your online security. But what if you haven't done any of that in a while or have never gotten around to it before? No worries. With our handy guide below, we'll show you how to clean up your passwords and even suggest a few more ways to boost your security online.

Read more