iDict iOS 8 – iCloud Vulnerability Finally Patched by Apple

Last week we told you about iDict, a new brute force tool published to GitHub that could be used to hack into any Apple iCloud account. At the time, the creator, Pr0x13, said that he had released the code because it was such an obvious flaw he wanted to force Apple into patching it.

Image : iDict iOS 8 – iCloud Vulnerability Patched

iphone 6 idict icloud fix

Today, Apple has done just that with an increase in security. Last year was not a good one for Apple with numerous attacks on iCloud, including the celebrity photo hack that saw hundreds of private images of celebrities uploaded to the web. Up until then, the Cupertino Company managed to stay out of the limelight with regards to security issues but, on New Year’s Day, it got a whole lot worse for them.

iDict uses a dictionary of common passwords to hack away at an iCloud account until it guesses the right one. This shouldn’t be allowed to happen, for two reasons:

  • Two-step verification should stop any unauthorized user in their tracks
  • After the celebrity hacks, security was increased to lock out any user after 5 incorrect login attempts.

Image : iDict Hacktool Interface

idict hacktool

Unfortunately, for Apple, iDict claimed to be able to get past both of those and a number of Twitter and Reddit users confirmed that the tool did indeed bypass the restrictions. However, although they have stayed very quiet throughout, Apple has now located and patched the security flaw that was being used.

Apple is not big on making statements when they are in the process of protecting the privacy of their customers. That said, iCloud seems to be a highly tempting target for hackers and there is a good chance that the security team on the campus are going to be incredibly busy n the future.

However complicated your Apple password is, it is strongly recommended that you enable two-step verification immediately and save yourself from a lot of heartache and possible embarrassment in the future. While this latest tool may only have targeted weak passwords, there is nothing to say that the next hacker won’t be able to go even further.

Subscribe to our newsletter and follow us on Facebook and Twitter; updates will be sent direct to your inbox.



Leave a Reply

Your email address will not be published. Required fields are marked *