The iCloud Flaw That Could Have Caused the Nude Celeb Leaks
Over the weekend, there's been a slew of images released showing celebrities in varying states of undress. Now, it appears that a flaw in iCloud could be responsible for the images making their way online.
The Next Web reports that a Python script has appeared on GitHub that "appears to have allowed malicious users to 'brute force' a target account's password on Apple's iCloud." Based on a vulnerability in the Find My iPhone service, the software was able to repeatedly guess passwords very quickly in an attempt to find the right one. Usually multiple guesses lock accounts down, but the flaw in Find My iPhone meant that didn't happen.
The software sat on GitHub for two days, before appearing on Hacker News and then swiftly being patched by Apple today at 3:20 am PT. The Next Web has since tried using the tool, which now quickly locks accounts—suggesting that it did indeed brute-force passwords but has now been patched.
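The lockout behaviour described above, as an added illustration (not code from the article, the GitHub tool, or Apple): a failed-attempt counter keyed by account and shared by every sign-in endpoint, so guesses sent through any one service still trip the lock. All names, thresholds, endpoint labels and credentials are hypothetical.

```python
from collections import defaultdict, deque
MAX_FAILURES = 5      # assumed: failures tolerated inside the window
WINDOW_SECONDS = 300  # assumed: sliding window for counting failures
LOCK_SECONDS = 900    # assumed: how long a tripped account stays locked

class LockoutTracker:
    """One failed-login counter per account, shared by every endpoint."""
    def __init__(self):
        self.failures = defaultdict(deque)  # account -> failure timestamps
        self.locked_until = {}              # account -> unlock time

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        if until is None or now < until:
            return until is not None
        del self.locked_until[account]      # lock expired: start fresh
        self.failures.pop(account, None)
        return False

    def record_failure(self, account, now):
        recent = self.failures[account]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:  # forget stale failures
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCK_SECONDS

def attempt_login(tracker, account, password, check_password, now):
    """Called by every endpoint; the lock is tested before the password."""
    if tracker.is_locked(account, now):
        return "locked"  # even the correct password is refused while locked
    if check_password(account, password):
        tracker.failures.pop(account, None)
        return "ok"
    tracker.record_failure(account, now)
    return "denied"

def simulate():
    """Constructed run: guesses alternate between two hypothetical endpoints."""
    tracker, t, results = LockoutTracker(), 0.0, []
    check = lambda account, pw: pw == "correct horse"  # constructed credential
    steps = [(1, f"guess{i}") for i in range(6)]
    steps += [(LOCK_SECONDS, "correct horse"), (0, "correct horse")]
    for i, (wait, pw) in enumerate(steps):
        endpoint = ("web_login", "device_locator")[i % 2]
        outcome = attempt_login(tracker, "user@example.com", pw, check, t)
        results.append((endpoint, outcome))
        t += wait
    return results
```

The timestamp is passed in by the caller so the constructed run is deterministic; a service would supply its own monotonic clock.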
It's unclear when the hole first appeared and how long people have been using it. The fact that the hacker who originally leaked the celeb images claimed they were retrieved from iCloud suggests that this hole could have been the one used. That remains somewhat speculative, though: The Independent reports that Apple has, unsurprisingly, "refused to comment" on any security flaw in iCloud today. [The Next Web]