By Brian Prince on September 01, 2014
Apple has patched a flaw that may be linked to the leak of salacious celebrity photos on the Web.
The flaw existed in the 'Find My iPhone' service. In order to use it, hackers would need to know the username of the account they are targeting. The vulnerability allowed attackers to guess passwords repeatedly without being locked out and without notifying the account owner. If the password was successfully guessed, the attacker could then access the iCloud account.
A tool for brute forcing the accounts was posted on GitHub. News of the patch followed reports that nude photos of celebrities such as 'Hunger Games' actress Jennifer Lawrence and model Kate Upton had been leaked on the Internet, and Anonymous and 4chan users claimed to have taken images from roughly 100 different celebrity accounts.
"There have been claims that iCloud may be involved, but it’s tricky to confirm even if all of the celebrities affected use Apple devices," blogged security researcher Graham Cluley. "Many folks are blissfully unaware about iPhone photos being automatically sent to an Apple iCloud internet server after it is taken. That’s great in some ways – it means it’s easily accessible on our other Apple devices – but might be bad in others."
SecurityWeek/ full article here/ http://www.securityweek.com/apple-patches-vulnerability-possibly-linked-celebrity-picture-leaks
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.