Apple ID Password Reset Scam Targets Users with Incessant Pop-ups

Attackers exploit a vulnerability in Apple's multi-factor authentication, leading to calls for improved security measures.

Apple users are being targeted by a scam involving incessant pop-ups asking to reset their Apple ID password, exploiting a vulnerability in Apple's multi-factor authentication process.
The scam also involves spoofed calls pretending to be from Apple Support, attempting to trick users into sharing a one-time password code.
Victims have reported receiving over 100 password reset prompts on their devices, effectively spamming them and making it difficult to use their devices.
Experts suggest that Apple's password-reset scheme needs rate limiting or some other form of access control to prevent such attacks.
Security advice includes limiting authentication attempts, blocking access after failed attempts, and adding geolocation or biometric requirements.