"MFA Bombing: Apple Users Under Attack"

Apple users have been targeted in phishing attacks involving a bug in Apple’s password reset feature, inundating devices with prompts to approve a password change or login. Scammers then call the victim posing as Apple support, aiming to obtain a one-time code to reset the password and lock the user out. The attackers also exploit the knowledge of the target’s phone number on file. Despite attempts to mitigate the issue, including enabling a recovery key, the unbidden system alerts persist. Concerns have been raised about a potential bug in Apple's rate limiting system, allowing for the rapid generation of these password reset requests.