Apple may have known about a vulnerability in iCloud about six months before the recent hacking scandal in which dozens of explicit celebrity photos were leaked, according to The Daily Dot.
The publication reportedly obtained emails between Apple and a security researcher that informed the company of a security hole back in March.
The security researcher, Ibrahim Balic, reportedly told Apple that he found a way to infiltrate iCloud accounts.
Balic said the vulnerability he reported to Apple seems very similar to the one that was believed to have been used by the hackers that ripped racy photos from celebrities iCloud accounts in early September, The Daily Dot reports. It still remains unclear, however, if the two vulnerabilities are the same or separate.
In one email, Balic warned Apple that iCloud seemed to be vulnerable to a technique known as “brute-force,” which is when an intruder attempts to guess passwords by trying thousands of difference character combinations. These attacks are usually hard to pull off since most systems lock you out after a certain number of failed password attempts.
Here’s a copy of that email published by The Daily Dot:
Balic told Apple he was able to try more than 20,000 password combinations.
In a separate email from May 2014, the issue seemed to be unfixed since Apple continued to question Balic about his methods.
After this month’s iCloud incident, in which private photos from celebrities such as Jennifer Lawrence, “The Big Bang Theory” actress Kaley Cuoco, and Kate Upton among other were leaked, Apple said it had made efforts to boost security. For example, the company expanded its two-step verification system to iCloud, and CEO Tim Cook published a letter detailing the company’s commitment to user privacy.