Friday, March 22, 2013, 03:47 pm PT (06:47 pm ET)
Apple working on fix for Apple ID password security hole [update: fixed]Hours after a security exploit was discovered regarding the resetting of Apple ID passwords, the company has acknowledged the issue and said it is actively working on a fix.
Update: As of 7 p.m. Pacific, Apple's iForgot webpage and related services are back online.
The vulnerability, exposed earlier on Friday, allows malicious users to reset the Apple ID and iCloud passwords of others using only the victim's email address and date of birth. The bug essentially grants unlimited access to every Apple service associated with their Apple ID, including iTunes accounts, e-mail, and synced iCloud data.
After the discovery, Apple subsequently took down the iForgot password reset page "for maintenance," and updated the iCloud System Status webpage to inform users of the issue.
In a statement to The Verge the company said, "Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix."
Apple did not say when it expects the issue to be resolved.
On Topic: General
- Review: Razer's Kraken Pro analog gaming headset
- Apple hires noted tech journalist Anand Lal Shimpi
- Samsung asks New Yorkers to compare Apple's iPad Air to Galaxy Tab S in new ad
- Apple's mysterious 2-story structure at site of Sept. 9 event drives frenzy even further
- Apple announces Sept. 9 event for expected 'iPhone 6' & 'iWatch' unveiling: 'Wish we could say more'