Apple security flaw discovered; two-step verification recommended

A major security flaw was discovered Friday that makes it possible to easily change another user’s Apple ID password and hijack the account.

Tech news site The Verge said it found a step-by-step tutorial online. The tutorial shows users how to use a modified Apple URL to gain access to someone else’s Apple ID account and reset that person’s password.


The Verge did not share the link to the tutorial out of security concerns, but it recommended that users enable Apple ID’s two-step verification in order to protect their accounts. Two-step verification is an optional safeguard users can add that sends a new code to their phones each time they want to access their Apple account.



Unfortunately, though, some users report that after they try to enable two-step verification, they get messages saying they must wait three days before the added safeguard starts working. The process is also currently available only to users in the U.S., U.K., Australia, Ireland and New Zealand. Users in other countries cannot use this process to protect their accounts.

“Apple takes customer privacy very seriously,” company spokeswoman Trudy Muller told the Times. “We’re aware of this issue and working on a fix.”

The company has not completely fixed the issue, but it has taken down the iForgot page, which is the key part of the hijacking process.

The security flaw was discovered shortly after Apple sent out updates to patch up another flaw on the iPhone that made it possible for users to get past the phone’s lock screen without entering the necessary passcode.


