A new exploit has been discovered that allows anyone with both your email address and date of birth to reset your Apple password by pasting a modified URL on Apple’s iForgot page, according to a report.
Further details about the issue were not provided for security reasons, but the hole was confirmed.
Yesterday, Apple added an optional two-step verfication service; users of that service would not be susceptible to the security hole.