News Stay informed about the latest enterprise technology news and product updates.

Apple patches iCloud password vulnerability following hacking tool release

A hacking tool released on New Year's Day highlighted a security hole in Apple's public cloud service that left user accounts vulnerable.

Apple Inc. has patched a password vulnerability in its iCloud service that was targeted by a hacking tool released...

on New Year's Day.

The tool, dubbed "iDict," used a dictionary attack that exploits a security vulnerability in iCloud's rate-limiting protection and bypasses Apple ID lockout restrictions. The source code for the tool was posted on Github by a user named "Pr0x13."

"This bug is painfully obvious and was only a matter of time before it was privately used for malicious or nefarious activities, I publicly disclosed it so Apple will patch it," Pr0x13 wrote on the Github post.

The code includes a 500-word list of common passwords, such as "password1" or "Iloveyou," which the tool will enter into the password field for a given iCloud account. If a user's iCloud password was not on the iDict list, then the tool would not work. However, experienced hackers could easily swap out the existing list for different or much larger lists of passwords.

Though there's been no official word yet from Apple, various reports -- including an update on Pr0x13's Github post -- suggest Apple has fixed the vulnerability.

The release of iDict marks another major security hole for Apple's cloud service. Following a hack of several celebrity iCloud accounts in August, Apple came under fire for security shortfalls, which left iCloud accounts vulnerable to brute force attacks. With 24 hours of the hack being reported, Apple put a five-attempt password limit for iCloud accounts. Several weeks later, Apple introduced more robust multifactor authentication protection for iCloud.

Next Steps

Char Sample explains why enterprises should determine data value when using cloud storage services like iCloud

Dig Deeper on Public Cloud Computing Security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly.com

Close