The issue, researcher Laxman Muthiyah says, was a bypass of the various security measures Apple has in place to prevent attempts to brute force the ‘forgot password’ functionality for Apple accounts.
When attempting to reset a password, the user is prompted to provide their phone number or email address to receive a 6-digit one-time passcode.
Thus, an attacker looking to take over the account first needs to know the victim’s phone number or email address, and then either to correctly guess the 6-digit code or to be able to try all of the roughly 1 million possibilities.
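The reason a 6-digit code is only safe behind attempt limits is that a million guesses is a small space once the sender is allowed to try at will. The following is an added illustration, not code from the researcher or from Apple, of the controls a password-reset endpoint needs so that the keyspace cannot be exhausted: a short code lifetime, a cap on wrong guesses per issued code, and a per-identifier attempt window. The class name `ResetOtpService`, its method names and the threshold constants are all assumptions chosen for the example.

```python
import hmac
import secrets
import time

# Illustrative thresholds (assumed values, not any vendor's real settings).
OTP_DIGITS = 6
OTP_TTL_SECONDS = 300          # an issued code expires after 5 minutes
MAX_ATTEMPTS_PER_CODE = 5      # wrong guesses before the code is invalidated
MAX_ATTEMPTS_PER_WINDOW = 20   # verify calls per identifier inside the window
WINDOW_SECONDS = 3600


class ResetOtpService:
    """Hypothetical 'forgot password' OTP verifier with brute-force limits."""

    def __init__(self, clock=time.time):
        self._clock = clock            # injectable for deterministic tests
        self._pending = {}             # identifier -> {"code", "issued_at", "failures"}
        self._attempts = {}            # identifier -> list of verify timestamps

    def issue(self, identifier):
        """Generate a fresh code for a phone number or email address."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[identifier] = {"code": code, "issued_at": self._clock(), "failures": 0}
        # A real service sends this to the channel; it is returned here only for the demo.
        return code

    def _throttled(self, identifier, now):
        """True when the identifier has used up its attempt budget for the window."""
        recent = [t for t in self._attempts.get(identifier, []) if now - t < WINDOW_SECONDS]
        self._attempts[identifier] = recent
        return len(recent) >= MAX_ATTEMPTS_PER_WINDOW

    def verify(self, identifier, guess):
        """Check a submitted code; returns a status string describing the outcome."""
        now = self._clock()
        if self._throttled(identifier, now):
            return "throttled"         # counted against the window even if no code exists
        self._attempts.setdefault(identifier, []).append(now)

        entry = self._pending.get(identifier)
        if entry is None:
            return "no_code"
        if now - entry["issued_at"] > OTP_TTL_SECONDS:
            del self._pending[identifier]
            return "expired"
        if hmac.compare_digest(entry["code"], guess):
            del self._pending[identifier]  # single use
            return "ok"
        entry["failures"] += 1
        if entry["failures"] >= MAX_ATTEMPTS_PER_CODE:
            del self._pending[identifier]  # burn the code; the user must request a new one
            return "locked"
        return "wrong"


if __name__ == "__main__":
    svc = ResetOtpService()
    code = svc.issue("user@example.invalid")   # constructed sample identifier
    print(svc.verify("user@example.invalid", "000000" if code != "000000" else "000001"))
    print(svc.verify("user@example.invalid", code))
```

With these limits an attacker who knows the victim's address gets at most `MAX_ATTEMPTS_PER_WINDOW` guesses per window, and each issued code dies after five wrong tries, so the million-possibility space is never reachable. The important check is that the throttle is keyed on the target identifier (not only the source IP) and that it is enforced before any code lookup, so a bypass of one layer, such as spreading requests across many IPs, does not reopen the space.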