Apple was aware of the iCloud vulnerability which resulted in dozens of nude celebrity images being leaked earlier this month.
According to emails between Apple and noted security expert Ibrahim Balic, Cupertino was given information of a similar security flaw as early as March of this year. In an email from that month, Balic informed an Apple official that he had successfully bypassed the feature designed to stop a so-called “brute-force” attack taking place.
“Brute-force” attacks allow hackers to break passwords by trying thousands of different possible combinations, by skipping the feature that locks users out after several incorrect guesses.
Despite several emails to Apple, however, the problem was not fixed — with Apple apparently unconvinced that any hackers could find a valid authentication token for an account without it taking “an extraordinarily long time.”
Ibrahim Balic was the same security expert responsible for the discovery of a June 2013 security flaw in the Apple Developer Center, which resulted in the website being taken down.
“We take user privacy very seriously and are actively investigating this report,” Apple spokeswoman Natalie Kerris told Recode shortly after this month’s iCloud vulnerability.
Soon after, Apple patched a flaw that had allowed a piece of software on Github called iBrute to guess iCloud passwords repeatedly until it guessed correctly.
Source: The Daily Dot