Extraordinarily bad news. The damage that can be done with an Apple ID is limitless, including CC leaks, physical address, instant remote wipes of phones and Macs, you name it.<p>This had better be Apple's priority zero today.<p>Edit: When a critical hole is discovered in a system that manages the identity of the 400M wealthiest people on Earth, I'd expect this story to be ranking a little higher than page three on HN.
So has there been a recent change to the Apple.com homepage? I ask this before going on an unfounded rant here...but it is <i></i>*king aggravating trying to figure out where you're supposed to even login to your account on the Apple home page. I wanted to see if this exploit worked on my account but literally could not find the login area...I had to randomly click through the help docs until it took me to the "iforgot.apple.com". The only time I saw an evident "My Account" link is by clicking on the Store tab, and even then you have to notice that the top-right corner nav has changed to include an "Account" link.<p>I recently had to report my iPod stolen to the cops. It's a testament to both how often cops have to deal with stolen iDevices and how confusing the Apple homepage is, that I had to have the cop walk me through how to login to my account on the Apple homepage to get to the device information he needed.<p>The domains apple.com, store.apple.com, secure2.store.apple.com (which you go to after you've logged in), and iforgot.apple.com all seem to use different templates, sometimes even different metrics and external code files. I wonder how much of what seems to be a unified storefront is actually a bunch of balkanized subdomains?