Posted 3/26/2024, 11:34:28 PM
Hackers Exploit Apple Password Reset to Bombard Users with Endless Notifications
- Phishing attacks exploit Apple password reset feature to bombard users with endless password change requests in hopes target will mistakenly approve
- Attackers able to change Apple ID password if request approved, locking users out of their accounts
- Notifications render Apple devices unusable until dismissed one by one
- Attackers follow up with phone calls posing as Apple support to try to get one-time passcode
- Bug appears to allow attackers to bypass rate limits and send endless password reset requests