Over the past 24 hours, the web has gone nuts over leaked photos of over 100 celebrities including of award-winning actress Jennifer Lawrence and Kirsten Dunst, purportedly due to an Apple iCloud breach. Following the much publicised leaks, reports has surfaced about a Python script on GitHub that may have allowed users to ‘brute force’ a user’s account password on iCloud due to a vulnerability in the Find My iPhone service.
A brute-force attack is in layman’s terms ‘forcefully and repeatedly guessing passwords’ in an attempt to discover the correct one, done via a malicious script.
A flaw in the Find My iPhone service may have let hackers use the brute-force method to guess passwords repeatedly without bing locked out, or for the user to be notified of such attempts. Once breached, the hacker can then use it to fully access all iCloud functionality.
Apple seemed to have patched the hole as of today. Apple, however, has not commented on the incident.
There is still no concrete evidence that the leaked photos were obtained specifically via iCloud.
Hackapp, the creator of the Python script said that he has not seen any evidence of the the tool being used to exploit the iCloud flaw but admitted “someone could use this tool.”
Are you an iCloud user? Have you secured your password? Do you know where you’re backing up your photos to?