Apple patches iCloud security gap after celebrity photos hacked, reports say
The day after private, nude photos of actress Jennifer Lawrence and other celebrities were released online, Apple has reportedly patched a security gap that could have allowed hackers to access iCloud accounts.
Engadget reports that the vulnerability was exposed on the code hosting site Github. It says developers discovered that Apple's "Find My iPhone" feature could be compromised by so-called brute force attacks which try password after password until the right one is found to unlock an account. From there, the hackers might have been able to figure out a user's Apple ID and access their iCloud storage. Github says Apple has fixed the problem.
However, it is not clear whether this is the same, or the only, security flaw that allowed hackers to scoop up the photos of Lawrence and others.
CNET senior editor Dan Ackerman told "CBS This Morning" it looks like some of photos came from different devices, not just iPhones, and that the hacker or hackers may have accumulated them from various places over the course of a long period of time. "It may not be one person, it may be a group of people, and these may be photos that were put together over the course of months or years," he said.
Online posts on the websites 4chan and Reddit said photos of more than 100 celebrities were exposed when a hacker broke into their cloud-based storage.
Photos of the "Hunger Games" star Jennifer Lawrence in various stages of undress appeared online, along with private photos of actress Mary Elizabeth Winstead, model Kate Upton, and others. A spokesperson for Lawrence told CBS News the posts are "a flagrant violation of privacy" and said "the authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence."
Winstead and Upton acknowledged that the stolen photos of them were real, while two other victims, singer Ariana Grande and Nickelodeon star Victoria Justice, said the photos posted of them were fakes.