
New iPhone Attack Targets Apple Users in Password Reset Scam

Apple iPhone users are facing a new attack that targets the password reset feature. The attack involves bombarding users with notifications or multi-factor authentication (MFA) messages, prompting them to reset their password. These annoying popups appear on all Apple devices, including iPhones, iPads, and Macs.

Security researcher Brian Krebs discovered this attack and highlighted it on his blog, Krebs On Security. The purpose of these popups is not to gain access to the iPhone directly but to create panic before the attacker calls the user from a spoofed number. The attacker pretends to be from Apple support and asks the user to share a one-time password to confirm a password reset.

In this attack, Apple devices are flooded with system-level prompts that prevent normal usage until the user responds to each prompt with 'Allow' or 'Don’t Allow.' The attackers then call the victim, spoofing Apple support on the caller ID, claiming the user's account is under attack and asking for a one-time code verification.

The goal is to trick users into sharing one-time passcodes over the phone.
Attackers flood Apple devices with password reset prompts to create panic.
Attackers need access to the user's email and phone number associated with their Apple ID.

While this attack may seem concerning, executing it is not straightforward. The attacker needs access to the user's email address and phone number associated with their Apple ID. In one reported case, attackers obtained this information from a people-search website but made a mistake in the victim's name, raising suspicion.

Attackers are exploiting Apple's Forgot Password feature for Apple ID to send spam messages. They may also be leveraging a vulnerability to bypass Apple's restrictions on the number of password reset requests.

Cybersecurity experts emphasize the importance of remaining vigilant against evolving phishing tactics. Users are advised to use strong passwords for their Apple ID and never disclose sensitive information, especially one-time passcodes, over the phone.
