Apple is already since the end of march at the height of a vulnerability in iCloud, allowing attackers are behind the password of users to come via brute forceattacks. Nevertheless, it took until August before Apple with a solution.
The London based developer Ibrahim Balic Apple released on 26 march, at the height of the vulnerability and got a same day reply, writes news site the Daily Dot, on the basis of the e-mails from the developer. That developer is no stranger to Apple: the manufacturer thanked him previously for the report of an xss bug.
An Apple employee approached him again in may with the demand for more information and seemed to be ill at the height of what Balic exactly referred to. When the iPhone-maker, the vulnerability is learned via a script on Github, turned out to be a fix within a short time.
The vulnerability meant that users, unlimited passwords could recommend for the Find my iPhone service on iPhone devices. If an attacker that the password had become obsolete, they could thus also on other services of iCloud login. The vulnerability came out when Apple was under fire after photos from the iCloud accounts of American actresses and other celebrities to came out. It is unknown whether the vulnerability is exploited to some or all of the photos to steal.
As a result of the case with the stolen naaktselfies of celebrities has the iCloud administrator measures taken. So, users will get a notification if someone of a different device than usual to log in, and encourages the users to tweetrapsauthenticatie to use.
Comments
(242)