Apple was informed of an iCloud security vulnerability that could lead to compromised user data as early as March 2014, a new report indicates. E-mails obtained by The Daily Dot reveal that London-based software developer Ibrahim Balic informed Apple on March 26 that he had successfully bypassed a “brute-force” security prevention measure, effectively allowing him to try over 20,000 password combinations on any iCloud account. Balic also informed Apple of the vulnerability using the company’s online bug reporter. Another e-mail dated May 6 shows that Apple was aware of the problem, with a representative continuing to question Balic on the nature of his discovery. Apple came under fire earlier this month with a high-profile celebrity photo hack involving iCloud accounts, and while Balic notes that the nature of the attack bears a “stark resemblance” to the issue he reported, it remains unclear if they are the same vulnerability.
Jesse Hollington was a Senior Editor at iLounge. He's written about Apple technology for nearly a decade and had been covering the industry since the early days of iLounge. In his role at iLounge, he provided daily news coverage, wrote and edited features and reviews, and was responsible for the overall quality of the site's content.