Apple Allegedly Knew of iCloud Brute-Force Vulnerability Since March

blottsie writes Apple knew as early as March 2014 of a security hole that left the personal data of iCloud users vulnerable, according to leaked emails between the company and a noted security researcher. In a March 26 email, security researcher Ibrahim Balic tells an Apple official that he's successfully bypassed a security feature designed to prevent "brute-force" attacks. Balic goes on to explain to Apple that he was able to try over 20,000 passwords combinations on any account.

Re:celebgate

Are you an iDiot or an iFan?

My bank allows only five mistakes before locking my account or swallowing my card. I have insurance for my car. If someone steals it (and it happened to me once), it's just a minor annoyance. As for my house, even if it's only a lock and an alarm, the moment the alarm goes off, I'll first get a call from ADT, then the police will come to check it out if I don't answer (most alarm companies here pay the local police to treat their call as a priority call).

As the OP said, protecting against brute force attack is basic security. This is another major screw up from Apple.

Re:Not Brute Force

[Eythian]

Probably he stopped there. It's enough to be fairly sure there's no brute force protection in place.