Author: vdddv
Posted: Wednesday, March 27, 2024
krebsonsecurity.com
398
Recent 'MFA Bombing' Attacks Targeting Apple Users
Zumi
Article summary
The linked article is about elaborate phishing attacks targeting several Apple customers where a potential bug in Apple's password reset feature tricks victims by forcing Apple devices to display what seems like dozens of system-level prompts that prevent the devices from being used unless the recipient responds “Allow” or “Don’t Allow”. Assuming the user manages not to fat-finger the wrong reset-request button, then a caller ID-spoofing Apple support calls the victim, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.