by rootusrootus 818 days ago
This seems like it is entirely a human problem, not any kind of technical failure. The fix is the same as it always was -- people need to be trained to say no by default, do not trust inbound calls ever, and never ever share your credentials.

If you follow that advice, this attack poses no risk other than annoyance. If you do not give your password to the creep who calls you claiming to be Apple support, you will be okay.

2 comments

A system that lets an attacker send hundreds of push notifications, effectively making a phone unusable until you click "allow", is a technical failure. So is one that lets an attacker spoof Apple's caller ID. Sure, that one is a failure with caller ID in general, but it's not beyond Apple's ability to special-case its own numbers.

> people need to be trained to say no by default, do not trust inbound calls ever

This really sucks though. It basically means that our current phone system is inherently broken and something that was potentially useful before is no longer useful due to malicious actors.