Apple ID Possible Security Vulnerability

I recently discovered that one can get full access to your Apple ID only knowing the passcode of your iPhone by following these steps:


  1. Unlock the iPhone with the passcode
  2. Open Settings -> click on the Apple ID -> Password & Security -> Change Password. There they can enter the same passcode, and the iPhone will let them change the Apple ID password without asking them to enter the current one.
  3. Now that they know the new Apple ID password and the owner doesn't, they can do virtually anything with the iPhone. For instance, they can turn off Find My, reset the iPhone and link it to another Apple ID.


I believe many people, including me, share their passcode with friends, and even though people usually don't share it with people they don't trust, the fact that one can gain full access to an Apple ID and all the devices linked to it knowing only the password seems like a serious vulnerability to me. Other than using a strong passcode and not sharing it with anyone, is there any way to change that behavior and make the iPhone ask for the current Apple ID password before letting you change it?

Posted on Feb 25, 2023 10:23 PM
