Yesterday, Apple has rolled out two step verification to protect the hijacking of Apple Accounts and iCloud Accounts. But, just after this announcement, a vulnerability has been discovered that allows attackers to hijack a iCloud or apple account just by entering email and date of birth of victim.
iPhone 6S plus: Flat Rs. 17000 OffiPhone 6S plus Now starts at Rs.39,999
We saw online tutorials that shows how a person can hijack an account just by using Apple’s own tool to hijack some other Apple account. The process was simple and anyone can easily manage to get the answer. This can be done by using a modified URL and Apple’s iForgot page.
Like two step verification on other websites, Apple’s two step verification identifies a user accessing Apple account from a new device. For verification, Apple sends a numerical code on your iPhone via text message. You need to enter this code on the website to authenticate yourself.
At the time of writing this report, Apple’s password reset tool was down. This may be an indication that company is working on patching the vulnerability.