New iCloud Vulnerability Can Compromise Your Account Through Brute Force
While Apple’s operating systems and softwares are generally considered to be one of the safest around, owing to their closed nature, nevertheless, vulnerabilities do occur. One of these resulted in a massive iCloud hack last year which resulted in private images of dozens of celebrities which included the likes of Kate Upton and Jennifer Lawrence getting posted online. You can take a look at our in depth coverage of the incident here. The source of the hack was a vulnerability in Apple’s systems that enabled users to brute force iCloud passwords. However looks like another brute force vulnerability has been discovered in the iCloud.
A new tool posted today on GitHub claims to be able to perform dictionary attacks on iCloud accounts. What this means is that any users that have set simple dictionary words as their iCloud passwords are now at a risk for their account being broken into through bruteforce. The tool uses a rather simple procedure for its nefarious purposes. It simply tries every word in a 500 words long list for a given password for a given iCloud account.
So if your iCloud password is one of the words the tool tries out, you’re out of luck as the hacker can now access the data stored on your iCloud account. The tool manages to do this by being able to avoid Apple’s rate limiting procedure introduced last year and carries out its activities by simply pretending to be an iPhone. The tool’s poster claims that he has not tested it on any account so far and has posted it on GitHub to bring it to Apple’s attention so that the vulnerability that was ”painfully obvious” can be patched and fixed by Apple. So lets hope that Apple fixes this vulnerability soon as possible before it can be developed into something more sinister.