[NewsPoster]

A new hacking tool available on GitHub is claimed to be able to brute-force access to an iCloud account in a way that avoids Apple safeguards. Dubbed iDict, the tool performs "dictionary" attacks on target iCloud email addresses. Normally these would be stopped by Apple's rate-limiting measures for logins, but iDict disguises itself as an iPhone, a device which for whatever reason is exempt from those limits. At present, the malware offers little threat, but could become more menacing.

In its current incarnation, the tool is believed to pose little danger to users. It has a dictionary of just 500 words, which should make any even mildly-complex password safe. Because the hack uses a simple trick, it should also be easily fixable by Apple.

At the same time, though, the company has yet to make that fix, and a third party could potentially take the GitHub source code and upgrade it with a bigger dictionary and/or a way of randomizing password suggestions. As always, strong passwords that rely on a mix of random letters and numbers, along with two-step verification, should nullify any risk.

For now. When Apple gets light of this, they can easily rate limit iPhones.

In the meantime, use a strong password.

[pairof9s]

Gosh, I better change my password from "password" to something new.

[TheGreatButcher]

Apple is seeming a bit sloppy on cyber security. Late to the game on 2-step verification, implemented only as a response to a very public incident, and more backdoors like this.

[coffeetime]

Bummer. I am changing mine to 12345 (Spaceball).