Canadian Apple users may be in danger of having their Apple ID and iCloud
account passowrds reset by cyber criminals without their authorization because of an security flaw
Apple had released a two-step verification process to prevent such a breach but a check with the company's Web site indicates that the tool is not yet available for Canada.
The fl;aw enables hackers to reset passwords without authorization as long as they know the account holder's email address and birthday.
The exploit involves pasting a specific modified URL when the hacker is answer the death of birth security question in Apple’s iForgot page for users who forgot their passwords, according to a report from online technology publication TheVerge.com.
Apple ID is used for carrying out tasks such as purchasing from the iTunes and App Stores, keeping personal information up-to-date across devices with iCloud, and locating, locking, or wiping devices.
The two-step verification is a feature you can use to keep your Apple ID as secure as possible.
On Thursday, apple made available a two-step verification process for Apple ID and iCloud users. Users who have activated the two-step verification process are safe.
However, by Friday instructions to the exploit, which works on customers who not enabled the two-step verification feature, was already being spread over the Internet.
Secure mobile e-commerce closer for big carriers
Kaspersky launches endpoint security tool
The verification process release by Apple, is also not available for users outside the United States, United Kingdom, Australia, Ireland and New Zealand. Other countries will be added to the list eventually, Apple said.
Read the whole story here