Apple Reportedly Aware of iCloud Flaw Six Months Before Hacking of Celebrity Accounts

icloud_icon_blue Apple knew about an iCloud security flaw six months before it was utilized to hack celebrity accounts on the service, reports The Daily Dot. The company was notified of the exploit by independent security researcher Ibrahim Balic, who shared emails between himself and members of Apple's product security team.

In an email from March 2014, Balic told Apple that he was able to bypass the security of any iCloud account by using a "brute-force" hacking method that was able to try over 20,000 password combinations. Balic recommended to Apple that it should implement a feature in iCloud that prevents log-ins after a set number of failed attempts, and even reported the exploit through Apple's Bug Reporter. Balic was also the developer said to be behind the extended outage of Apple's Dev Center last year.

In May 2014, Apple emailed Balic and questioned the validity of the exploit, stating that it "would take an extraordinarily long time" to find a valid authentication token to get into an iCloud account using the flaw. Balic states that Apple continued to ask him about the exploit and how it would be utilized.

On September 1, 2014, hackers breached the iCloud accounts of many well-known actresses, downloading and leaking private photos and videos. While it was not initially known what caused the breach, The Next Web linked to a Python script on Github that may have been used for the hacking. The script utilized a brute-force like method which allowed hackers to keep guessing passwords without being locked out.

Apple acknowledged later in the day that it was investigating the breach, ultimately leading to comments from CEO Tim Cook along with new security implementations. Those implementations included automatic emails when iCloud accounts are accessed via web browsers, automatic two-factor authentication for iCloud.com, and mandatory app-specific passwords for third-party apps accessing iCloud.

Top Rated Comments

Jimrod Avatar
96 months ago
It's all going rather brilliantly at the moment isn't it.
Score: 81 Votes (Like | Disagree)
Xultar Avatar
96 months ago
I'm waiting or the not Apple's fault crowd.

I love apple products, the culture, heck I love everything about apple EXCEPT the excuses made for them. Apple prides itself on excellence. Until they no longer make quality and excellence a selling point their customers need to demand it and call them out when they under perform.

Making excuses for mistakes & sloppy work will not help Apple.
Score: 32 Votes (Like | Disagree)
maflynn Avatar
96 months ago
Wow, more good news for apple. They're really hitting their stride with bad press lately.

Bending phone
iOS 8.01 bug that should not have been rolled out
iCloud security issues that should have been addressed sooner.
Score: 31 Votes (Like | Disagree)
sshambles Avatar
96 months ago
Geeze, when it rains (bad news) it pours.
Score: 26 Votes (Like | Disagree)
Keniutek Avatar
96 months ago
LOL, apple realy is on a roll lately. Leaked pics, great keyonte stream, bend gate, ios8 and 8.0.1.
Bravo, well deserver Thanksgiving break ;).
Score: 19 Votes (Like | Disagree)
jamesrick80 Avatar
96 months ago
Surely wouldn't trust them with Apple pay now, imagine your credit card information stolen. :rolleyes:
Score: 19 Votes (Like | Disagree)

Popular Stories

safari icon blue banner

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time [Updated]

Sunday January 16, 2022 3:37 pm PST by
A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS. In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session....
iPhone 14 Mock pill and hole thumb

ProMotion Now Expected to Remain Exclusive to iPhone 14 Pro Models, Not Expand to Entire Lineup

Sunday January 16, 2022 8:56 am PST by
Continuing the tradition set with the iPhone 13 Pro, only the highest-end iPhone 14 models will feature Apple's ProMotion display technology, according to a respected display analyst. Ross Young, who on multiple occasions has detailed accurate information about Apple's future products, said in a tweet that ProMotion will not be expanded to the entire iPhone 14 lineup and will remain...
iPad Air Feature 2 green

New Apple Products Filed in Regulatory Database, Likely Including New iPhone SE and iPad Air

Tuesday January 18, 2022 6:11 am PST by
Apple today filed unreleased iPhone and iPad models in the Eurasian Economic Commission database, as spotted by French blog Consomac. The filings likely represent the rumored third-generation iPhone SE, fifth-generation iPad Air, and potentially more. The unreleased iPhone models have the identifiers A2595, A2783, and A2784, while the unreleased iPad models have the identifiers A2588, A2589, ...
AirPods 3 New Firmware Feature

Apple Updates AirPods 3 Firmware to Version 4C170

Tuesday January 18, 2022 11:46 am PST by
Apple today released a new 4C170 firmware update for the AirPods 3, an update from the prior 4C165 that was made available in December. Apple does not offer details on what's included in new firmware updates for the AirPods‌, so we don't know what improvements or bug fixes the new firmware brings. There is no standard way to upgrade the ‌AirPods‌‌ software, but firmware is...
iphone 5g mmwave

U.S. Airlines Warn of 'Catastrophic' Crisis With Impending 5G Rollout, AT&T and Verizon Agree to Delay Around Airports

Tuesday January 18, 2022 10:35 am PST by
Verizon and AT&T's upcoming rollout of new C-Band 5G technology could cause chaos and lead to widespread delays of passenger and cargo flights, major U.S. airlines said on Monday in a letter sent to the White House National Economic Council, the FAA, and the FCC (via Reuters). "Unless our major hubs are cleared to fly, the vast majority of the traveling and shipping public will essentially...
iphone se 2020 top

iPhone SE With Larger 5.7-Inch Display May Launch in 2023, 'iPhone SE+ 5G' Also Rumored

Monday January 17, 2022 6:46 am PST by
Apple is planning to release a fourth-generation iPhone SE with a larger 5.7-inch display as early as 2023, according to display industry consultant Ross Young, who has proven to be a reliable source of information for future Apple products. The fourth-generation iPhone SE has until now been rumored to launch in 2024, but Young now says a 2023 release is looking more likely....
tesla carplay solution

Developer Showcases Apple CarPlay Workaround for Teslas

Monday January 17, 2022 7:24 am PST by
A Tesla Model 3 owner has resorted to a workaround to implement Apple CarPlay in his vehicle, amid no sign of official support from Tesla (via Tesla North). Apple CarPlay and Apple Music support are among the most-requested Tesla features, but with no indication that Tesla is willing to implement Apple CarPlay in its vehicles, Polish developer Michał Gapiński took matters into his own...
ipad air 4 video

New iPad Air Rumored to Launch This Spring With A15 Chip, 5G, Center Stage Camera, and More

Saturday January 15, 2022 8:05 pm PST by
Apple is planning to release a fifth-generation iPad Air with similar features as the sixth-generation iPad mini, including an A15 Bionic chip, 12-megapixel Ultra Wide front camera with Center Stage support, 5G for cellular models, and Quad-LED True Tone flash, according to Japanese blog Mac Otakara. Citing reliables sources in China, the report claims that the new iPad Air could be...