Fixed? Giant Security Hole Apparently Patched, iForgot Site Back Up


Yo, dawg, I heard you had some security issues...
Yo, dawg, I heard you had some security issues...

Earlier today, we told you about the massive security issue that Apple let slip through while adding it’s new two step authentication process. As a result, Apple shut down it’s password recovery site, iForgot, earlier today.

And? It’s back up and ready to start helping you get your password. Looks like Apple fixed the problem.

The exploit involved an attacker sending a direct URL to Apple that could change the password for a given iTunes account without actually having to answer the security challenge questions. Apple blocked the page, then took down the entire site, ostensibly to fix the back door issue.

The exploit could have affected anyone who still hadn’t enabled the new two step verification process via Apple, and many folks had been stuck in a three day holding pattern to do just that, making it one of the more ironic security fixes in recent memory.

Now that iForgot is up, we can assume the exploit is fixed, as iMore reports confirming. We’ve contacted Apple for our own verification and will update if and when they respond.

Source: iMore
Via: The Loop

  • ChrisMKerrigan

    Glad to see Apple quickly address the issue.