Security loophole leaves Apple IDs, passwords vulnerable to easy attack

If you haven’t already jumped on Apple’s new two-step verification system for protecting your Apple ID and iCloud, your account is at serious risk. A hole in the company’s security could let somebody change your password with just your email address and birthdate, The Verge reported. Unless you have already updated your ID to the stronger security system, you should log on as soon as possible to protect your account from hijacking. You can do so here.

Adding fuel to the fire, some Apple IDs will not be able to switch to the two-step verification for three days. That may be the case for you if you’ve recently made any significant changes to your account information, according to Apple’s FAQ on the two-step system. The Verge recommended that those people who must postpone the security upgrade change their birthdate as a stopgap measure. To do so, log in to the Password and Security section of Apple’s account settings page. 

The security hole allows a hacker to paste a modified URL into the date of birth question on Apple’s iForgot page for resetting a forgotten or lost password. 

This isn’t the first time this year that Apple has been targeted with security problems. Just last month, the company acknowledged that it was hacked by people who also hit Facebook. Representatives from Apple said no data appeared to have left the company in that attack. The vulnerability should serve as a reminder that no tech security system has proven unbreakable. 

We assume (read “hope”) Apple is currently working on the issue, and we’ll update you when we know more.

Image via Brett Weinstein

Anna Washenko
Former Digital Trends Contributor
Anna is a professional writer living in Chicago. She covers everything from social media to digital entertainment, from tech…