Techly NewsGet the app

Get the latest tech news

Recent 'MFA Bombing' Attacks Targeting Apple Users


An anonymous reader quotes a report from KrebsOnSecurity: Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-...

Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code. Kishan Bagaria is a hobbyist security researcher and engineer who founded the website texts.com (now owned by Automattic), and he's convinced Apple has a problem on its end. In August 2019, Bagaria reported to Apple a bug that allowed an exploit he dubbed "AirDoS" because it could be used to let an attacker infinitely spam all nearby iOS devices with a system-level prompt to share a file via AirDrop -- a file-sharing capability built into Apple products.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of attacks

attacks

Photo of apple users

apple users

Photo of mfa bombing

mfa bombing

Related news:

News photo

Apple users targeted by incredibly annoying 'Reset Password' attack

News photo

Judge sends strong message about Elon Musk's attacks on disinformation experts

News photo

Warning: Apple Users Targeted in Phishing Attack Involving Rapid Password Reset Requests

« Elon Musk got special favors and access from China that could leave him exposed, report says
Israel quietly rolled out a mass facial recognition program in the Gaza Strip »