Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 28 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Apple was made aware of iCloud access flaw 6 months ago

by The Gurus
September 25, 2014
in Editor's News
Share on FacebookShare on Twitter

Apple was apparently aware of the flaw in iCloud for as long as six months before it was exploited.
 
According to emails obtained and published by the Daily Dot, software developer Ibrahim Balic informed Apple of a method he’d discovered for infiltrating iCloud accounts. He admitted that while the exploit shares a stark resemblance to the exploit allegedly used in the so-called “Celebgate” hack, it was unclear if it was the same vulnerability.
 
In an email sent on March 26th, Balic told an Apple official that he had successfully bypassed a security feature designed to prevent brute-force attacks and he was able to try over 20,000 passwords combinations on any account. He then followed up with Apple in May to report that it remained unfixed.
 
Apple however seemed more interested in how he had found the exploit, stating “using the information that you provided, it appears that it would take an extraordinarily long time to find a valid authentication token for an account”.
 
Balic later uploaded a YouTube video, which he says contains proof of his discovery, and Apple acknowledged Balic for reporting a cross-site scripting (XSS) vulnerability on its Web Server notification page.
 
Asked why a fix took so long to be applied, Stephen Coty, chief security evangelist at Alert Logic told IT Security Guru that when working with new vulnerabilities it takes software companies about six to 12 months to patch. “This is very typical and I’m sure that once Apple learned of the vulnerability, they started the process of researching and writing the patch,” he said

FacebookTweetLinkedIn
Tags: AppleFlawiCloud
ShareTweet
Previous Post

Kevin Mitnick begins selling "exclusive" zero-days for $100,000 minimum

Next Post

Bash bug disrupts Unix and Linux servers to hit internet

Recent News

software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023
Fraud and online banking

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

September 27, 2023
ICS Reconnaissance Attacks – Introduction to Exploiting Modbus

ICS Reconnaissance Attacks – Introduction to Exploiting Modbus

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information