Apple Has Patched A Hole In iCloud That Let Hackers Access Anyone’s Account
Apple has fixed a vulnerability in its iCloud service that allowed the iDict tool to brute-force user passwords and hack into iCloud user accounts. The iDict tool, which its author Pr0x13 claimed can hack any iCloud user account was released by him on New Years Day and is available on GitHub here.
iDict used a hole in Apple’s security to repeatedly guess user passwords, allowing hackers to access any account given enough time. Pr0x13 had claimed that the bug was “painfully obvious” and “was only a matter of time” before hackers or cyber criminals found it.
Pr014 had stated that the flaw in Apple’s iCloud can be used to bypass security systems like passwords, security questions, and even two-factor authentication. iDict worked by guessing a user’s password by running through a long list of commonly used passwords until it hit upon the right one. Apple blocks these “brute force” attacks, but it seems that there was a hole in its security that iDict exploited.
Apple engineers worked overtime to address this flaw by implementing a Rate Limiter. The rate limiter feature now in place, blocks the users who try to access iCloud accounts more than three times. Pr013 also got the message that Apple has patched the hole and took to Twitter. He warned users not to use iDict as that would mean tester getting his/own iCloud being locked.
iDict is patched, Discontinue it's use if you don't want to lock your account #TheMoreYouKnow
— ! ? (@pr0x13) January 2, 2015
Apple has been surround with controversy regarding iClouds in 2013 when hackers managed to hack into several Hollywood celebrity iCloud accounts and leak up and personal photos on popular image boarding sites like 4Chan. The leaks forced Apple to implement the 2-Factor authentication on iCloud storage service.
It remains to be seen whether somebody exploited the flaw in iCloud in the timeframe of Pr0x13’s release of the tool and Apples patching of iCloud with Rate Limiter.