Apple is yet to confirm this, but it appears that a Mac OS X vulnerability could allow hackers to access someone else’s Apple ID in just 10 seconds.
The guys over at shootitlive
came across what seems to be a major security flaw that could be exploited by a hacker connected to the same Wi-Fi network as the victim.
The method is called “Session Fixation Attack” and basically comes down to using a previous browser session to extract private data and get access to an Apple ID.
This means that iTunes and App Store accounts can be compromised, as the hacker can change both the password and the email address.
says it has already informed Apple about the security flaw, but the Cupertino-based company has only replied with an automatic response.