Apple was informed about a weakness found in iCloud’s security six months before the “celebgate” (nude images captured from Hollywood celebrity’s iCloud accounts) kicked off, according to the Daily Dot. The newspaper points to emails exchanged between Apple and independent security researcher Ibrahim Balic, to back up its claim.
As it turns out, Balic notified Apple back in March that he had successfully bypassed a security feature meant to protect users from “brute force” attacks – methods used by hackers to crack passwords by trying endless key combinations until they get a match. This kind of attack is blocked by limiting the number of attempts a user can make to log in.
Balic was able to try over 20,000 password combinations, so he recommended the above method to Apple: to limit the number failed attempts.
Fast forward a couple months: In May, Apple contacted Balic confirming the validity of the exploit, and asked for more information.
The rest is history: While the Daily Dot is unsure if the hackers originating the “celebgate” used the same vulnerability Balic shared with Apple, the exploit Balic reported and the one used by the hackers bear a “stark resemblance” to each other, the security experts reviewing Balic’s documents told the newspaper.
Earlier this month, the Internet was flooded by nude pictures and videos of renowned actresses, as hackers got access to their iCloud accounts. Apple has acknowledged the issue, and as Tim Cook mentioned, implemented security measures.