Skip to main content

iCloud vulnerability

Two 'iCloud vulnerability' stories September 2014
See All Stories

Apple aware of iCloud brute-force vulnerability six months before ‘Celebgate’

Avatar for Ben Lovejoy Sep 25 2014 - 5:34 am PT
29 Comments
Site default logo image

celebgate

The software developer credited by Apple for discovering last year’s developer center flaw says that he informed Apple of an iCloud weakness that may have been used to obtain celebrity nudes more than six months before the photos were accessed.

The Daily Dot reports that Ibrahim Balic advised Apple in March of a Find My Phone weakness that would allow brute-force attacks on iCloud accounts. It has been suggested that this may have been one of the methods used to access the accounts – or even complete iPhone backups – of celebrities … 
Expand
Expanding
Close

Vulnerability in Find My Phone service and weak passwords may explain alleged celebrity photo leaks

Avatar for Ben Lovejoy Sep 1 2014 - 4:47 am PT
50 Comments
Site default logo image

celebrity-hack

The Next Web is reporting that a vulnerability in the Find My Phone service may have allowed attackers to brute-force passwords in order to access the iCloud accounts of celebrities.

The vulnerability allegedly discovered in the Find my iPhone service appears to have allowed attackers to use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the password has been eventually matched, the attacker can then use it to access other iCloud functions freely.

A tool to exploit the weakness was uploaded to Github, where it remained for two days before being shared on Hacker News … 
Expand
Expanding
Close

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing