

New Apple ID Exploit Allows Others to Reset Your Password - jazzdev
http://lifehacker.com/5991994/new-apple-id-exploit-allows-others-to-reset-your-password-heres-how-to-protect-yourself

======
8ig8
For those worried, this is not a new exploit. Old news:

<https://news.ycombinator.com/item?id=4353155>

<https://news.ycombinator.com/item?id=5425153>

As reported, it's been fixed:

<http://www.zdnet.com/apple-fixes-dangerous-password-reset-flaw-7000013073/>

------
smith7018
Are you serious? This was revealed over two weeks ago and Apple fixed it that
day, I believe. This isn't "new" and this doesn't exist any more.

------
bsimpson
I'd be happy to sign up for 2-factor auth, but it doesn't work with Google
Voice.

The whole reason I use Google Voice is to keep my phone number independent of
the device/carrier I happen to be using. It's my permanent address in
telephony. Whatever number is on my SIM card is just temporary. If I used 2FA,
I'd run the very real risk of locking myself out of my account the next time I
change carriers.

Knowing how Apple expects its users to commit to its product portfolio
all-or-nothing, I don't expect an Android app, but it would be nice if Facebook and
Apple would at least include Google Voice support in their SMS verification
tools. (As for 2-factor authentication, they really should support the
Authenticator project like everyone else.)

------
DigitalSea
This kind of reminds me of Weev's AT&T hack. Changing some values to obtain
information that should else-wise not be easily obtainable. A pretty big
mistake to make on Apple's part here, but it's good they took the page down
because of the issues and above all, no edgy hacker stealing information and
leaking it was required to publicise the security issue, who would have
thought?

