Apple aware of iCloud brute-force vulnerability six months before ‘Celebgate’

celebgate

The software developer credited by Apple for discovering last year’s developer center flaw says that he informed Apple of an iCloud weakness that may have been used to obtain celebrity nudes more than six months before the photos were accessed.

The Daily Dot reports that Ibrahim Balic advised Apple in March of a Find My Phone weakness that would allow brute-force attacks on iCloud accounts. It has been suggested that this may have been one of the methods used to access the accounts – or even complete iPhone backups – of celebrities …  Read more

Vulnerability in Find My Phone service and weak passwords may explain alleged celebrity photo leaks

celebrity-hack

The Next Web is reporting that a vulnerability in the Find My Phone service may have allowed attackers to brute-force passwords in order to access the iCloud accounts of celebrities.

The vulnerability allegedly discovered in the Find my iPhone service appears to have allowed attackers to use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the password has been eventually matched, the attacker can then use it to access other iCloud functions freely.

A tool to exploit the weakness was uploaded to Github, where it remained for two days before being shared on Hacker News …  Read more