Apple has fixed a security hole that made it easy for someone to seize another person’s Apple account, which controls access to iCloud, iTunes and other Apple services.
The company made the password reset page for Apple ID accounts available again, not long after the discovery of the security hole forced it to take the site down. The Verge reported on Friday that the security hole allowed anybody who knows another user’s account name and date of birth to reset his password, without answering the customary security questions that usually accompany the process.
The Verge, which said it verified the security hole after a tutorial about it was posted online, reported that it involved pasting a special Web address into a browser.
The discovery came just days after Apple introduced a feature called two-step verification to improve the security of Apple ID accounts. The feature requires people to a use conventional password in conjunction with a code they receive on a cellphone in order to initially gain access to their Apple account from a new device.