Just one-day after Apple released its own two-step verification method, it was revealed that Apple has a rather large hole in account holder’s security measures.
Apple’s own password security procedures are to blame for the security flaw, the company has temporarily stopped anyone from reseting their passwords for the time-being. As it turns out, one would only need a person’s date of birth and email address and a third-party user could could gain access to all of a person’s Apple information.
As of now Apple is looking into the matter, the first reporting of the password-problem came from the Verge who received a tip from an anonymous user. The settings came up after first inserting a special URL into a web-browser and then aswering the two bits of information that we previously mentioned.
Just that simple information was be all that was necessary for anyone to gain access to someone’s iTunes and iCloud accounts. As we stated before Apple rolled out a new two-step verification system on Thursday but none of the accounts that started using the service are protected until three-days after signing up, which means anyone could have been breached by the security flaw.
more info: theverge