The security breach is said to be only possible on users who do not have the newly introduced two-step verification. However, several Apple users are yet to gain access to this service with up to a 3-day waiting period living them vulnerable to the security exploit. The Verge explains that the exploit involves using a modified URL which then sends the hacker into Apple’s iForgot page and by providing the target user’s email and date of birth they can be able to successfully change the user’s Apple login password.
With information such as date of birth and email easily available through social media networks, it is a concern that this security exploit could affect several Apple users if it is not addressed soon. Worse is that the step tutorial outlining the exploit is said to be readily available online and just about anyone can gain access to this tutorial. Enabling Apple’s two-step verification is the solution to avoiding this security breach, but for those who are yet to gain access to the feature changing their date of birth temporarily on social media networks seems like the best solution
