Apple users are facing a serious threat as a sophisticated phishing attack sweeps across devices, highlighting potential weaknesses in Apple's password reset procedures. Reports suggest that cybercriminals are exploiting a potential flaw in Apple's system, bombarding users with constant notifications or multi-factor authentication (MFA) messages.
The attack strategy involves tricking users into approving a password change request for their Apple ID. Perpetrators are targeting iPhones, Apple Watches, and Macs with system-level prompts, aiming to manipulate users into unknowingly giving consent or wearing them down until they click "accept." Once permission is granted, the attacker seizes control of the Apple ID, effectively locking out the legitimate user, as reported by KrebsOnSecurity.
This flood of notifications renders all connected Apple devices unusable until each alert is individually dismissed. One affected user, Parth Patel, shared his distressing experience on social media, recounting how he had to delete over a hundred alerts before regaining control of his devices.
In addition, attackers are using phone calls posing as Apple representatives to pressure users into clicking "Allow" on the password change notifications. During these fraudulent calls, victims are coerced into revealing the one-time passwords sent to their phone numbers, further compromising their security. By exploiting information obtained from public databases, attackers gain access to users' personal details, including names, addresses, and phone numbers. Despite its sophistication, this method relies on having access to the email address and phone number linked to the Apple ID.
Reports indicate that attackers are generating the prompts by abusing Apple's forgotten Apple ID password page in a way the system was not intended to allow. Although that page is protected by a CAPTCHA, attackers are still able to flood users with repeated messages, likely by exploiting a vulnerability in Apple's system.
In light of these threats, owners of Apple devices are advised to be cautious and refrain from approving suspicious password change requests. Additionally, since Apple does not initiate such requests over the phone, customers should remain wary of unsolicited calls requesting one-time password reset codes.