Apple users are currently facing a new attack that aims to hijack all of their devices. Reports from KrebsOnSecurity indicate that many users are experiencing a phishing attack that floods their Apple devices with an overwhelming number of system-level prompts. This attack renders the devices unusable until the user selects either “Allow” or “Don’t Allow” for each prompt.
The attackers seem to be exploiting a potential glitch in Apple’s password reset mechanism, although this has not been confirmed. They are counting on users eventually clicking on “Allow” after repeated password reset requests, whether intentionally or accidentally.
If that tactic fails, the attackers will go a step further by calling the victim from what appears to be Apple’s official number (although it is spoofed). They will claim that the user’s account is under attack and request verification through a one-time code.
For example, Parth Patel shared his experience where he received multiple requests to approve a password change on his watch, phone, and laptop. After denying all the requests, he received a call from a number spoofed as Apple Support (1-800-275-2273). Luckily, they got his name wrong, preventing him from falling into their trap.
Another user named Chris encountered a similar situation in February when he received 30 simultaneous notifications on his devices. Despite denying them all, the attacks persisted for several days. When he received a call claiming to be from Apple, Chris decided to call back the official Apple number and discovered that no one had contacted him.
This series of events led Chris to reset all his passwords and get a new iPhone. However, even with his new device at the Apple Genius Bar, he continued receiving suspicious alerts. It became evident that attackers were leveraging phone numbers associated with Apple users to execute these attacks.
Similarly, Ken reported receiving fishy alerts on his Apple devices earlier this year and was provided with an Apple Recovery Key by an engineer to stop the notifications. Despite enabling this security feature meant to enhance account security by disabling standard recovery processes unless authorized with the key, Ken still receives unsolicited alerts every few days across all his devices.
It is concerning how Apple’s authentication system allows repeated password change requests within seconds when initial requests go unanswered. While there may be a potential bug in Apple’s system causing these issues, the company has not addressed these attacks publicly yet. Stay vigilant and avoid falling victim to such phishing attempts by being cautious when providing sensitive information or clicking on suspicious links or prompts.
