
Apple fixes an important iCloud vulnerability

Apple has fixed a vulnerability in the iCloud service (more precisely, in its “Find iPhone” function) that allowed attackers to carry out a brute-force attack and guess the password for the service account (i.e., obtain the Apple ID password). The attackers had to already know the account's email address; they then used a script to exploit the service's vulnerability and access the account. Presumably, this is the vulnerability used by the attackers who stole celebrities' photos and published them openly.



The source code of the iBrute tool for carrying out this attack had earlier been published on GitHub. Thus, anyone could take advantage of this vulnerability and attack the service (which would normally have blocked access to a user account after several unsuccessful attempts to enter the Apple ID password). Users with complex passwords on their accounts were, of course, the least likely to be affected by this vulnerability. The description of the iBrute script on GitHub now carries a disclaimer (see the screenshot below).


Up to 100 celebrities were affected.
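The account lock mentioned above only works if every entry point that accepts a password shares one failure counter. The sketch below is an added example, not Apple's code or code from the original post: the threshold, lock duration, endpoint names, account and guesses are all assumptions constructed for illustration.

```python
import hashlib
import hmac

MAX_FAILURES = 5    # assumed threshold; the article only says "several"
LOCK_SECONDS = 900  # assumed lock duration

def _kdf(password):
    # Demo only: a real service uses a per-user salt and a tuned password hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 1000)

class AccountLockout:
    """Failure counter keyed by account only, so all endpoints share it."""
    def __init__(self):
        self._failures = {}      # account -> consecutive failed attempts
        self._locked_until = {}  # account -> time at which the lock expires

    def is_locked(self, account, now):
        return now < self._locked_until.get(account, 0.0)

    def record(self, account, success, now):
        if success:
            self._failures.pop(account, None)
            return
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= MAX_FAILURES:
            self._locked_until[account] = now + LOCK_SECONDS
            del self._failures[account]

class AuthService:
    def __init__(self, credentials):
        self._credentials = credentials  # account -> derived key
        self._lockout = AccountLockout()

    def authenticate(self, endpoint, account, password, now):
        """Single choke point; `endpoint` is deliberately not part of the counter key."""
        account = account.strip().lower()
        if self._lockout.is_locked(account, now):
            return "locked"  # refused before the password is even examined
        ok = hmac.compare_digest(_kdf(password), self._credentials.get(account, b""))
        self._lockout.record(account, ok, now)
        return "ok" if ok else "denied"

def demo():
    # Constructed account and guesses; endpoint names are hypothetical.
    svc = AuthService({"user@example.com": _kdf("correct horse")})
    guesses = ["123456", "password", "qwerty", "letmein", "iloveyou", "correct horse"]
    return [svc.authenticate(("login", "find_device")[i % 2], "user@example.com", g, float(i))
            for i, g in enumerate(guesses)]
```

In `demo()` the guesses alternate between the two endpoints, yet the fifth failure locks the account, so even the correct password on the sixth attempt is refused until the lock expires.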

Source: https://habr.com/ru/post/235235/

