Click to Skip Ad
Closing in...

Apple security hole allows unauthorized access to iCloud account [updated]

Updated Mar 22nd, 2013 7:27PM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

A new security vulnerability has been discovered that allows unauthorized users to gain access to Apple (AAPL) accounts that have not yet upgraded to the company’s new two-step verification feature. The exploit, as reported by The Verge, allows anyone to reset an Apple account password with only an email address and date of birth. This action is achieved through a modified URL accessing Apple’s own iForgot password support page. Users can protect themselves by turning on Apple’s two-step verification feature. The extra layer of security requires users enter a verification code that has been sent to a trusted device prior to changing any personal information.

UPDATE: Apple has acknowledged the issue and said it is actively working on a fix. The company’s iForgot password reset tool has been taken offline until further notice.

Dan joins the BGR team as the Android Editor, covering all things relating to Google’s premiere operating system. His work has appeared on Fox News, Fox Business and Yahoo News, among other publications. When he isn’t testing the latest devices or apps, he can be found enjoying the sights and sounds of New York City.