The Verge today publicized a rather gaping security hole in Apple’s online password reset system. The hole, which became available after Apple implemented two-factor authentication yesterday, allows a password to be reset using only an email address and the target’s birthdate. Both pieces of information are incredibly easy to come by, which makes this exploit very attractive to malicious hackers.
Luckily, it appears that Apple is both aware of the issue and actively working to fix it. Apple’s password update page is now listed as being “unavailable,” which is likely an indicator that a fix is being implemented behind the scenes.