Some foreign iPhone users have recently reported that hackers exploited a vulnerability in Apple’s password reset function to launch phishing attacks on them.
Affected iPhone users report that once infected, the system will forcefully display dozens of system-level prompts, each prompt will have two options of “allow” and “deny”, rendering the device unusable.
If an iPhone user decides not to respond to these prompt notifications, the hacker will then pretend to be an Apple salesperson, inform them that the system has detected that the user’s device is under attack, and require the user to provide an SMS verification code.
Once the user provides the verification code, the hacker can perform subsequent operations to change the user’s Apple ID account and steal related data.
Netizen Parth Patel recently shared his experience of being attacked. He said that he was unable to use his device before clicking “not allowed” on more than 100 notifications.
