Numerous Apple customers have been targeted in a sophisticated phishing attack where scammers exploit a bug in Apple’s password reset process. This attack inundates the victim’s Apple devices with numerous system notifications, making it impossible to use the device until the prompts are addressed. This attack, known as “push bombing” or “MFA fatigue,” aims to trick users into approving a password reset, allowing the scammers to take over the account and remotely wipe the devices. One victim even received a call from a fake Apple support number displaying on caller ID. An anonymous security industry veteran emphasized the importance of being cautious and highlighted the issue of Apple’s systems potentially being exploited due to a rate limit bug.
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/