The rapid advances in the speed of corporate networks have only made the problem worse. Hence, today’s security software may not be able to keep up with this rapid advance of speed. Computer security within big businesses have become highly significant.
Many current events within the last couple of years has brought cyber security to a new level of importance. Such as, “The Chinese hackers” case where five men were charged for hacking into United States institutions in order to obtain sensitive information for Chinese companies. These men were apart of the Chinese military. Another event is the iCloud photos breach. In the year 2014, many famous people have got their iCloud hacked into then to find their leaked photos online.
On Monday, a Python script emerged on GitHub (which we’re not linking to as there is evidence a fix by Apple is not fully rolled out) that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find My iPhone service. Brute-force attacks consist of using a malicious script to repeatedly guess passwords in an attempt to discover the correct one.
The vulnerability allegedly discovered in the Find My iPhone service appears to have let attackers use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the password has been eventually matched, the attacker can then use it to access other iCloud functions freely.
Users on Twitter were able to use the tool from GitHub — which was published for two days before being shared to Hacker News — to access their own accounts before it seems Apple patched the hole today. The owner of the tool noticed it was patched at 3:20am PT.