Fixed? Giant Security Hole Apparently Patched, iForgot Site Back Up

Yo, dawg, I heard you had some security issues...

Yo, dawg, I heard you had some security issues…

Earlier today, we told you about the massive security issue that Apple let slip through while adding it’s new two step authentication process. As a result, Apple shut down it’s password recovery site, iForgot, earlier today.

And? It’s back up and ready to start helping you get your password. Looks like Apple fixed the problem.

The exploit involved an attacker sending a direct URL to Apple that could change the password for a given iTunes account without actually having to answer the security challenge questions. Apple blocked the page, then took down the entire site, ostensibly to fix the back door issue.

The exploit could have affected anyone who still hadn’t enabled the new two step verification process via Apple, and many folks had been stuck in a three day holding pattern to do just that, making it one of the more ironic security fixes in recent memory.

Now that iForgot is up, we can assume the exploit is fixed, as iMore reports confirming. We’ve contacted Apple for our own verification and will update if and when they respond.

  • ChrisMKerrigan

    Glad to see Apple quickly address the issue.

About the author

Rob LeFebvreRob LeFebvre is an Anchorage, Alaska-based writer and editor who has contributed to various tech, gaming and iOS sites, including 148Apps, Creative Screenwriting, Shelf-Awareness, VentureBeat, and Paste Magazine. Feel free to find Rob on Twitter @roblef, and send him a cookie once in a while; he'll really appreciate it.

(sorry, you need Javascript to see this e-mail address) | Read more posts by .

Posted in News | Tagged: , , |