“Apple knew as early as March 2014 of a security hole that left the personal data of iCloud users vulnerable, according to leaked emails between the company and a noted security researcher,” Dell Cameron reports for The Daily Dot. “The emails, obtained earlier this month by the Daily Dot and reviewed by multiple security experts, show Ibrahim Balic, a London-based software developer, informing Apple of a method he’d discovered for infiltrating iCloud accounts.”
“While the exploit Balic says he reported to Apple shares a stark resemblance to the exploit allegedly used in the so-called ‘Celebgate’ hack, it is currently unclear if they are the same vulnerability,” Cameron reports. “In a March 26 email, Balic tells an Apple official that he’s successfully bypassed a security feature designed to prevent “brute-force” attacks—a method used by hackers to crack passwords by exhaustively trying thousands of key combinations. Typically, this kind of attack is defeated by limiting the number of times users can try to log in.”
“Balic goes on to explain to Apple that he was able to try over 20,000 passwords combinations on any account. The vulnerability was also reported by Balic using Apple’s online bug submission platform,” Cameron reports. “Soon after the Celebgate photos exploded across the Web, Apple reportedly patched the vulnerability [that allowed attackers to guess passwords repeatedly in the Find My iPhone service without any sort of lockout or alert to the target]. The company denied, however, that it was in any way linked to the Celebgate event. The theft of the photographs, a statement from the company insisted, was not the result of ‘any breach in any of Apple’s systems including iCloud or Find my iPhone.'”
Read more in the full article here.
Related articles:
Apple’s iCloud security nightmare gets worse as more nude celebrity pics leak – September 21, 2014
Since the celebrity nude iCloud hacks, one third of Americans have improved their online security – September 8, 2014
Apple denies iCloud breach – September 3, 2014
How easy is it to crack into an Apple iCloud account? We tried to find out – September 3, 2014
Celeb nudes: Comprehensive review of forum posts reveals no mention of ‘Find My iPhone’ brute force technique – September 2, 2014
Apple’s iCloud is secure; weak passwords and gullible users are not – September 2, 2014
Apple: No iCloud breach in celebrity nude photos leak – September 2, 2014
FBI, Apple investigating alleged iCloud hack of celebrity nude, sex photos and videos – September 2, 2014
Celebrity or not, Apple isn’t responsible for your nude photos – September 2, 2014
Apple ‘actively investigating’ Jennifer Lawrence, other nude celebrity photos hack – September 1, 2014
Apple’s iCloud not likely the sole source of leaked Jennifer Lawrence, other nude celebrity photos and videos – September 1, 2014