“It uses a ‘dictionary attack’ to get into accounts — a hack that involves automatically trying a number of passwords until the right one is found. Sites usually have locks in place to stop such an attack, by only allowing a certain number of tries of one password, but the tool claims to be able to bypass those,” Griffin reports. “A number of posters on Twitter and Reddit claimed to have used the tool successfully.”
“If it does work, setting up two-step verification — which requires users to enter a code sent to their phone — could keep such an attack at bay,” Griffin reports. “The creator of the tool said that they had released the ‘so Apple will patch it.’ But other security activists criticised the leak, and said that the user, who calls themselves pr0x13, should have informed Apple of the problem… iCloud vulnerabilities were also thought to be used to steal hundreds of leaked pictures of celebrities in what was called ‘The Fappening,’ in August and September.”
Read more in the full article here.