Apple May Have Known About iCloud Vulnerability Months Before Nude Photo Scandal
The Daily Dot has obtained e-mails sent in March of this year by a UK software developer to Apple in which he details a way in which iCloud accounts could be compromised.
On March 26, he explains that he was able to get around a security feature intended to prevent hackers from repeatedly entering passwords until finally reaching the right one. These so-called “brute force” attacks are generally stopped by security protocols that prevent a user from logging in after a set number of failed attempts.
But the developer claims he figured out a way to try more than 20,000 different passwords on any iCloud account.
Apple later sent the developer questions about his claims, but it’s not know whether any action was taken in response to his bug report.
There is also the possibility that the vulnerability exploited by the hackers who stole the nude celebrity photos is not exactly the same one as detailed in the developer’s e-mails to Apple.
Apple claims that it has patched the problem that allowed the hackers to steal the photos and other files from iCloud accounts. It has also extended two-factor authentication, which requires that you enter a separate and unique four-digit code sent to the actual device every time you login to iCloud from a new location.
Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.