Major security hole allows Apple passwords to be reset

The Verge:

It allows anyone with your email address and date of birth to reset your password — using Apple’s own tools. We’ve been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page.

Change your DOB to something bogus (but write it down) right now.

Update: fixed.