Unless you’ve been living under a rock for the past month, you have no doubt read about the massive caches of nude celebrity photos and videos that leaked recently. In fact, the odds are fairly good that you’ve even seen some of them, or censored versions of them at the very least. Hackers reportedly obtained the private images by gaining access to online iCloud accounts belonging to more than a dozen celebrities including Kim Kardashian, Ariana Grande, Victoria Justice, Kate Upton, Kaley Cuoco, Aubrey Plaza and Jennifer Lawrence. Now, just in case Apple needed some more bad news, it has been revealed that Apple knew about the security vulnerability that led to the leaks at least six months ago, and it could have easily prevented them.
Just days after the leak was determined to have come from iCloud,
Apple added a painfully simple security feature to prevent similar
hacks. Celebrity iCloud accounts were breached using a series of “brute
force” attacks. The process involves little more than repeatedly
trying to log into an account with hundreds of different
passwords each minute, and most responsible companies prevent such
attacks by temporarily disabling access to an account if there are too
many failed login attempts in a short period of time.
iCloud now has this simple security feature, and it took Apple no time at all to implement it.
Now, for the bad news: The Daily Dot reports
that Apple had known iCloud was susceptible to brute force attacks for
at least six months, but the company failed to put the aforementioned
security measure in place until it was too late.
Independent security researcher Ibrahim Balic discovered the iCloud
security flaw back in March of this year, and he emailed Apple’s product
security team more than once to notify them of the
vulnerability. Balic’s emails, which have now been made public, were
indeed received and acknowledged by the product security team, first in
March and then again in May of this year.
But Apple did nothing to fix the issue until it was too late.
One of Balic’s emails follows below and the others can be seen by following the link down in our source section.