2024-03-27 07:55:00
A new type of phishing attack is currently targeting Apple ID, the iPhone’s authentication system. Victims report that their devices repeatedly display notifications to reset their password.
© Envato
A bug in the Apple ID password reset feature is currently being exploited by hackers. KrebsOnSecurity reports that cybercriminals are bombarding Apple users with notifications and authentication messages asking them toapprove the change of their password. Hopefully, along with Apple ID’s name change with iOS 18, Apple will patch this serious security flaw.
Because it’s nothing other thana phishing attempt. This one is particularly annoying because Apple ID is common to the entire Apple ecosystem. If a user has a Mac, an iPhone, or even an Apple Watch, all of these devices will display password change approval requests.
Phishing attempts linked to Apple ID are increasing
The cybercriminals’ tactics are simple: tirelessly spam the victim. If it refuses the request, they start once more, in the hope that following a while the user mistakenly approves the request, or even if tired of these messages, he decides to accept the request for s get rid of it. Serious error: from there, hackers can change the password and take possession of their victim’s Apple account.
Above all, these Apple ID notifications are unavoidable: they render all linked Apple products unusable until the window is closed. As long as hackers continue to spam, the devices are therefore out of service. On X, Parth Patel shares his sad experience. He explains that he had to refuse over 100 notifications before the attack ends.
Last night, I was targeted for a sophisticated phishing attack on my Apple ID.
This was a high effort concentrated attempt at me.
Other founders are being targeted by the same group/attack, so I’m sharing what happened for visibility.
🧵 Here’s how it went down:
— Parth (@parth220_) March 23, 2024
Read > iOS 18: Apple will take inspiration from Android for personalizing the home screen
Without approval from the victim, some hackers go even further: they attempt to pretending to be Apple support via a phone call. Cybercriminals claim they want to help the victim, but are actually trying to obtain the OTP code sent to the phone number during password changes.
In Mr Patel’s case, they knew his email address and telephone number. These are precisely the two pieces of information on which this attack depends. In fact, you just need to have them at your disposal to request a new Apple ID password. Simply enter the last two digits of the telephone number associated with the email address for an alert to be triggered.
A mystery remains: how do cybercriminals send so many alerts in succession? There is no doubt that the Apple ID system is not supposed to be able to send more than 100 requests in a row, however hackers manage to bypass the limit. After the App Store and side-loading in the EU, Apple still has work to do in terms of security.
- Phishing attempts exploiting an Apple ID flaw are increasing, according to a cybersecurity company.
- Hackers tirelessly spam the victim with notifications to reset their Apple password.
- Some report having to close 100 notifications before they can use their Apple devices once more.
1711529617
#Apple #suffers #security #flaw #exploited #cybercriminals #beware
