Apple blocks tool that brute-forces iCloud passwords
Apple has fixed an issue that could have allowed attackers to launch brute-force attacks against iCloud users in order to guess their passwords.
The problem came to light after a proof-of-concept attack tool called iDict was released on GitHub in early January.
Developed by a user with the online alias Pr0x13, the tool was described as “100% Working iCloud Apple ID Dictionary attack that bypasses Account Lockout restrictions and Secondary Authentication on any account.”
It worked by trying out a large number of passwords for the targeted Apple IDs. By default the tool came with a file—also called a dictionary—containing 500 commonly used passwords, but the list could have easily been extended.