Apple just made iCloud a lot more secure yesterday by rolling out a two-step authentication process that should keep hijackers at bay. However, a huge security hole was just found that allows hijackers to reset Apple ID passwords with only an email address and your date of birth.
The new exploit affects all customers who have not yet enabled the new two-step authentication feature. To make matters worse, some users who enabled two-step authentication yesterday have to wait 3 days before it kicks in, meaning some might still be vulnerable to the exploit.
The Verge reports that the exploit involves pasting in a modified URL while answering the date of birth (DOB) security question on Apple’s iForgot page. The exploit is easy enough for just about anyone to manage.
If you haven’t enabled two-step verification on your Apple account, we strongly recommend that you do so as soon as possible. For information on how to complete the two-step authentication, check out our article here.
Source: The Verge