All postings and use of the content material on this site are topic to the Apple Developer Forums Participation Agreement. I additionally tried twice to have a cellphone name with them but they by no means contacted me… If you’re taken to another page — even to something that looks like an Apple web page but is asking you for login info — don’t continue. Something isn’t right, and you could be coping with a malicious site. In the meantime, here’s what you are able to do to remain protected should you find a misplaced AirTag.
So two failures to validate, which appears to be a common theme with Apple. Over the years we’ve seen them not price restrict iCloud password guesses, and a number of situations of iOS exploits using malformed web pages or SMS messages. I assume the intended assault is to fake an apple login web page with the hyperlink.
Given the import of the issue itself and the eye it has received, this is an issuer deserving of a CEO-level response with an apology and an action plan to repair the problem. JamminJ September 30, 2021There are good, open supply, QR code readers in your phone. And by default, they’ll only show the plaintext contents of the QR code without auto-navigating utilizing your browser. In this case, it won’t matter much since found.apple.com just isn’t going to raise purple flags.
When scanned, an AirTag in Lost Mode will present a short message asking the finder to name the proprietor at at their specified telephone quantity. This data pops up without asking the finder to log in or provide any private information. But your common Good Samaritan might not know this. The vulnerability was found the us government finally serious iot and reported to Apple by Bobby Rauch, a security consultant and penetration tester based mostly in Boston. Rauch told KrebsOnSecurity the AirTag weakness makes the devices low cost and possibly very efficient physical trojan horses.
However, the common Good Samaritan could also be unaware of this. It was severe concern allowing to change 2FA and password with out having access to anything except “application specific password” you would generate to use for POP3/IMAP entry. The problem is that since he’s exterior to Apple, yeah, he’s got to go through the bureaucratic process with so many checks. Which is why some things don’t get credited properly. If someone on the interior staff gets wind of it, they can repair it sooner, and may skip lots of the bug bounty program steps that would have ensured credit score for Bobby.
