Major Security Hole Allows Apple Passwords to Be Reset theverge.com

Chris Welch, The Verge:

Apple yesterday rolled out two-step verification, a security measure that promises to further shield Apple ID and iCloud accounts from being hijacked. Unfortunately, today a new exploit has been discovered that affects all customers who haven’t yet enabled the new feature. It allows anyone with your email address and date of birth to reset your password — using Apple’s own tools.

Naturally, I tried to enable two-step authentication after reading this. However, it turns out that it’s only available in the U.S., U.K., Ireland, Australia, and New Zealand right now. This is a big problem.