Worryingly, Apple users have become the latest targets of advanced phishing attacks. The attack exploits a potential bug in Apple’s password reset feature, causing a flood of notifications or multi-factor authentication (MFA) messages to bombard users’ devices.
The attack involves tricking users into approving Apple ID password change requests. The attacker repeatedly prompts the target’s iPhone, Apple Watch, or Mac with a system-level password change approval prompt. The goal is to trick users into accepting the request unintentionally, or to pester them with alerts until they click the accept button. Once the request is accepted, the attacker could gain control of the Apple ID, preventing the user from accessing their account (via KrebsOnSecurity).
Because the attack is persistent, all connected Apple devices are rendered unusable until each notification is dismissed individually. Parth Patel took to Twitter to describe how horrific his experience was and how he had to delete over 100 alerts to regain control of his device.
Additionally, if the user refuses to click “Allow” on the password change notification, the attacker can make a call pretending to be an Apple representative. During these calls, victims are forced to reveal one-time passwords sent to their phone numbers, further compromising their security.
Attackers used information leaked from people-search sites to obtain users’ names, addresses and phone numbers. While the method seems complicated, it relies on knowing the email address and phone number associated with your Apple ID.
According to an analysis by KrebsOnSecurity, attackers exploited Apple’s Forgotten Apple ID Password page to bypass the system’s intended functionality. Despite the CAPTCHA functionality, attackers could still send duplicate messages to users, most likely exploiting a bug in Apple’s system.
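The point above, that a CAPTCHA alone did not stop duplicate prompts, is why reset flows usually also cap prompts per target account. The sketch below is an added example, not Apple's code or anything from the original article: the class name, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class ResetPromptThrottle:
    """Hypothetical per-account sliding-window cap on reset approval prompts."""

    def __init__(self, max_prompts=3, window_s=3600, alert_at=10):
        self.max_prompts = max_prompts    # prompts delivered per window
        self.window_s = window_s          # window length in seconds
        self.alert_at = alert_at          # requests per window that flag abuse
        self._sent = defaultdict(deque)      # account -> delivered timestamps
        self._attempts = defaultdict(deque)  # account -> all request timestamps

    def _trim(self, queue, now):
        # Drop timestamps that have aged out of the window.
        while queue and now - queue[0] >= self.window_s:
            queue.popleft()

    def request(self, account, now):
        """Return (deliver, alert) for one reset request against `account`."""
        sent, attempts = self._sent[account], self._attempts[account]
        self._trim(sent, now)
        self._trim(attempts, now)
        attempts.append(now)
        deliver = len(sent) < self.max_prompts
        if deliver:
            sent.append(now)
        # Suppressed requests still count: the flood itself is the signal.
        alert = len(attempts) >= self.alert_at
        return deliver, alert


def replay(events, **limits):
    """Run (timestamp, account) events through the throttle and summarize."""
    throttle = ResetPromptThrottle(**limits)
    delivered, alerted = defaultdict(int), set()
    for ts, account in events:
        deliver, alert = throttle.request(account, ts)
        delivered[account] += int(deliver)
        if alert:
            alerted.add(account)
    return dict(delivered), alerted


# Constructed sample: 100 requests in about 8 minutes against one account,
# plus a single ordinary request for an unrelated account.
SAMPLE = sorted([(i * 5, "victim@example.com") for i in range(100)]
                + [(120, "other@example.com")])

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Keying the limit on the target account rather than on the requester's IP address or session is what bounds the number of prompts a single user can receive.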
Apple device owners are advised to be vigilant and not approve suspicious password change requests. Additionally, customers should be wary of spam calls requesting one-time password reset codes, since Apple does not make these requests over the phone.