Apple Reportedly Aware of iCloud Flaw Six Months Before Hacking of Celebrity Accounts
Apple knew about an iCloud security flaw six months before it was utilized to hack celebrity accounts on the service,
reports The Daily Dot. The company was notified of the exploit by independent security researcher Ibrahim Balic, who shared emails between himself and members of Apple's product security team.
In an email from March 2014, Balic told Apple that he was able to bypass the security of any iCloud account by using a "brute-force" hacking method that was able to try over 20,000 password combinations. Balic recommended to Apple that it should implement a feature in iCloud that prevents log-ins after a set number of failed attempts, and even reported the exploit through Apple's Bug Reporter. Balic was also the developer said to be
behind the extended outage of Apple's Dev Center last year.
In May 2014, Apple emailed Balic and questioned the validity of the exploit, stating that it "would take an extraordinarily long time" to find a valid authentication token to get into an iCloud account using the flaw. Balic states that Apple continued to ask him about the exploit and how it would be utilized.
On September 1, 2014, hackers
breached the iCloud accounts of many well-known actresses, downloading and leaking private photos and videos. While it was not initially known what caused the breach,
The Next Web linked to a Python script on Github that may have been used for the hacking. The script utilized a brute-force like method which allowed hackers to keep guessing passwords without being locked out.
Apple acknowledged later in the day that it was investigating the breach, ultimately leading to
comments from CEO Tim Cook along with new security implementations. Those implementations included
automatic emails when iCloud accounts are accessed via web browsers,
automatic two-factor authentication for iCloud.com, and
mandatory app-specific passwords for third-party apps accessing iCloud.
Recent Mac and iOS Blog Stories •
Apple Launches Yosemite 'AirDrop Test Fest' For AppleSeed Members •
iPhone 6 Touch ID Still Vulnerable to Specialized Fake Fingerprint Hack •
Now TV Adds New Entertainment and Sky Movies Passes to Apple TV in UK •
iPhone 6 Plus Bending Limits Tested in New Video •
Apple Opening Retail Store in Hanover, Germany on September 27 •
'iPod Father' Tony Fadell Comments on Discontinuation of iPod Classic •
Apple Releases OS X Yosemite Mail Update for Developers and Public Beta Testers •
iPhone 6 and 6 Plus Capable of Faster Charging Using iPad 2.1A Adapter<img width='1' height='1' src='
http://rss.feedsportal.com/c/35070/f/648327/s/3ed05449/sc/4/mf.gif' border='0'/><br clear='all'/>
<a href="
http://da.feedsportal.com/r/208961224230/u/49/f/648327/c/35070/s/3ed05449/sc/4/rc/1/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/208961224230/u/49/f/648327/c/35070/s/3ed05449/sc/4/rc/1/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/208961224230/u/49/f/648327/c/35070/s/3ed05449/sc/4/rc/2/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/208961224230/u/49/f/648327/c/35070/s/3ed05449/sc/4/rc/2/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/208961224230/u/49/f/648327/c/35070/s/3ed05449/sc/4/rc/3/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/208961224230/u/49/f/648327/c/35070/s/3ed05449/sc/4/rc/3/rc.img" border="0"/>[/url]
<img src="[url]http://da.feedsportal.com/r/208961224230/u/49/f/648327/c/35070/s/3ed05449/sc/4/a2.img" border="0"/>[/url]<img width="1" height="1" src="
http://pi.feedsportal.com/r/208961224230/u/49/f/648327/c/35070/s/3ed05449/sc/4/a2t.img" border="0"/><div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div><img src="
http://feeds.feedburner.com/~r/MacRumors-Front/~4/_taRlnx87-Q" height="1" width="1"/>
Source:
Apple Reportedly Aware of iCloud Flaw Six Months Before Hacking of Celebrity Accounts
