Vacuum security on iCloud appears to have allowed would-be hackers to repeatedly try different ones codeς accesss to user accounts of the service, without them being locked out as usual, after a number of failed attempts. So, in theory, it was possible to access any account after enough effort and a good dose of luck.As protothema says, Apple has immediately coped and corrected the security gap.
In the New Year, an iCloud account hacking "tool" was released by someone with the nickname pr0x13. That program it was called iDict and essentially automatically tested thousands of passwords against a large list of frequently used words and phrases. Its creator claimed that he could even access Apple's security questions or two-factor authentication process.
The following day @pr0x13 wrote to Twitter that the security gap was corrected and iDict no longer works.
ICloud had been found a few months ago to target attacks, with many actors, models and singers claiming that their bills had been violated, resulting in the spilling of "spicy" photos.
Apple had then argued that leakage incidents were the result of targeted attacks and not of a security vacuum, of course not knowing how many bills were actually violated and how many celebrities exploited the noise created to come back temporarily to the news.