Apple Fixes Password Vulnerability, Resets Tool Back Online

Apple announced that the recently reported password vulnerability problem has been fixed and that the iForgot tool is back online.

Apple confirmed it had received reports of a password vulnerability problem Friday and said it has been working on a fix and until then it had suspended the iForgot tool. Apple users were recommended to set up the new two-step verification in order to secure their accounts. Now, the company has reported that the problem has been fixed and the password reset tool is up and working.

Apple introduced a two-step verification Thursday, to enhance the security of the users' data and sensitive information. But it noticed that accounts of users who did not enable the two-step verification were accessible by answering simple security questions.

But when some users tried enabling the option earlier Friday, they got an error message that asked users to wait for three days before they would be able to take up the two-step verification.

The Verge reported that the security flaw allowed anybody with an email address linked to the Apple ID and date of birth to reset passwords by pasting a modified URL on the iForgot page. Such an access to other accounts risks exposure of all information on the Apple ID and iCloud accounts to malicious users.

The exploit news comes just a day after Apple introduced its new two-step verification. Through the new security process, users receive verification codes on their mobile either via Find My iPhone app or text message. After that the security code must be entered before making changes to the Apple ID account.

Apple pulled down its iForgot password reset system, which was the source of the vulnerability until the problem was sorted. However, the reset tool remained accessible through different ways.

In a statement to The Verge the company said, "Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix."

The Verge also confirmed that the vulnerability has been resolved and the modified URL remains non-functional.

With the problem being resolved and the reset tool back online,Apple users can heave a sigh of relief but users are recommended to enable the two-step verification so the accounts remain secure.