Apple was informed of an iCloud security vulnerability that could lead to compromised user data as early as March 2014, a new report indicates. E-mails obtained by The Daily Dot reveal that London-based software developer Ibrahim Balic informed Apple on March 26 that he had successfully bypassed a “brute-force” security prevention measure, effectively allowing him to try over 20,000 password combinations on any iCloud account.
Balic also informed Apple of the vulnerability using the company’s online bug reporter. Another e-mail dated May 6 shows that Apple was aware of the problem, with a representative continuing to question Balic on the nature of his discovery.
Apple came under fire earlier this month with a high-profile celebrity photo hack involving iCloud accounts, and while Balic notes that the nature of the attack bears a “stark resemblance” to the issue he reported, it remains unclear if they are the same vulnerability.
.
