Apple closes iCloud flaw that could have resulted in new iCloud leak, hacker causes the company to rush out patch

Jan 3, 2015 08:32 GMT

A hacker identified as @Pr0x13 posted a hacking tool to GitHub a few hours ago, claiming it was capable of cracking iCloud accounts with simple passwords, potentially opening the door to a new iCloud breach like the one involving those nude celebrity pics last year.

iCloud Apple iD BruteForcer is a tool that can be used for “dictionary attacks,” a brute-force method that involves trying out every word in the dictionary against Apple’s authentication request until one is accepted. It may sound primitive, but it’s still a widely used method of breaching someone’s account.

Apple said you were safe

Apple’s systems were known to resist brute-force attacks, but @Pr0x13 claimed that his tool bypassed Apple’s restrictions. He described it on GitHub as “A 100% Working iCloud Apple ID Dictionary attack that bypasses Account Lockout restrictions and Secondary Authentication on any account.”

The hacker carefully noted that he would not take responsibility for any wrongdoing involving his code. He claimed he “publicly disclosed it so apple will patch it.”

Lightning-fast patch from Cupertino

In a rare and surprising move, Apple closed the hole within hours of the news hitting the web. As for the hacker himself, a more elegant approach would have been to report the flaw directly to Apple and refrain from making any hacking tools public.

However, the Mac maker rarely responds so briskly to matters like these, so maybe this was the right way to go. In all fairness, this flaw could have led to an all-new wave of iCloud leaks.