Find My iPhone Vulnerability May Be Cause of Celebrity Leaks

You may well have seen the countless celebrity nude photos that flooded the internet the other day. First the reports blamed a supposed iCloud hack, but The Next Web has learned that a vulnerability in the Find My iPhone service may have allowed a brute force attack to gain access to iCloud accounts.

Bruteforce attack

Brute force attacks allow a user to use a script to guess passwords, until the correct one is found. The tool to enable such attacks was uploaded to GitHub where it remained for roughly two days, before Hacker News shared it.

Apple apparently patched the hole today at 3:20 am PT. It is yet unknown how long the vulnerability was exploitable, leaving those with easy passwords exposed, but as always, getting a good password manager and resetting your password always helps.

There is still no evidence that these images are coming from the iCloud account of these celebrities, as the hacker that originally leaked the images claims.

Apple refused to comment on the matter. We will update the post as soon as the company issues a statement regarding this issue.