In a recent report by Krebsonsecurity, it has been revealed that iPhone users are being bombarded with suspicious notifications in a phishing attempt to steal their Apple accounts. This attack not only affects iPhones, but also other Apple devices linked to the same Apple ID, including the Apple Watch and Macs.
The attackers' modus operandi is to overwhelm users with password change requests through notifications. These notifications appear in a cascade and require a user response to “Allow” or “Do not allow.” The volume of messages is so high that it prevents normal use of the device until each message is responded to.
This attack appears to exploit a vulnerability in Apple's password reset feature and escalates if the user resists, with attackers resorting to phone calls pretending to be from Apple. Experts suggest that this attack could be exploiting a weakness in Apple's multi-factor authentication (MFA).
It is crucial that users be alert and do not respond to these notifications or provide personal information during suspicious calls. In case you receive such notifications, it is recommended to contact Apple support directly to verify the legitimacy of the requests and take appropriate security measures.