AAPL Stock: 118.03 ( -0.85 )

Printed from

Python script attacking Find My iPhone may be behind celebrity leaks

updated 01:13 pm EDT, Mon September 1, 2014

Vulnerability in Find My iPhone authentication system patched today

A script which allowed access to iCloud servers may have been behind the recent celebrity photo leaks, a report suggests. A Python script which discovered the password of an iCloud account has surfaced, with an apparent vulnerability in Find My iPhone potentially allowing attackers to "brute force" attack an account without any lockout or warning to the account owner.

The script was posted on GitHub on Monday, reports The Next Web, and heavily relied on Find My iPhone's lack of restriction on the number of attempts. Once the account password was found, the attacker could then use the complete set of credentials to access other Apple services including iCloud. According to the report, the script owner discovered Apple had patched the vulnerability earlier today, with the service now locking users out after five attempts.

The creator, a Twitter user by the name of Hackapp, said the bug "is common for all services which have many authentication interfaces," and it is "trivial" to find them using a "basic knowledge of sniffing and reversing techniques."

While the timing of the script's appearance coincides with that of the celebrity leaks, there is no direct evidence tying the two together. Apple has yet to comment about the allegations.

by MacNN Staff



Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented