A new security vulnerability has been discovered that allows unauthorized users to gain access to Apple (AAPL) accounts that have not yet upgraded to the company’s new two-step verification feature. The exploit, as reported by The Verge, allows anyone to reset an Apple account password with only an email address and date of birth. This action is achieved through a modified URL accessing Apple’s own iForgot password support page. Users can protect themselves by turning on Apple’s two-step verification feature. The extra layer of security requires users enter a verification code that has been sent to a trusted device prior to changing any personal information.
[More from BGR: What it’s like to ride in Google’s driverless car]
This article was originally published on BGR.com