AppleApple is working on a security vulnerability in its cloud services. The flaw could allow malicious users to reset Apple ID and passwords, according to The Verge.

Apple is working on the problem and has taken down the iForgot website in the meantime.

It didn’t take a lot to reset passwords – just an ID and a birthdate.

“Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix,” Apple told The Verge in a statement.

This comes a day after Apple rolled out a two-step process for verification for Apple ID and its iCloud accounts. (Although not all users were allowed to enable the two-step process immediately if information had been recently changed.)

The process would force users to verify IDs on a trusted device such as an iPad or iPhone belonging to the user.


  1. And it’s already been fixed. It also wasn’t JUST the email address you used for your iCloud account and your DOB. You needed to know a modified URL to trigger this. Not that that is any consolation to anyone bit by this before it was fixed.

    And that 2 factor authentication for password resets apparently isn’t available in every country and there are apparently other cases where you can’t use it.

The TeleRead community values your civil and thoughtful comments. We use a cache, so expect a delay. Problems? E-mail