A vulnerability in iCloud could cause leakage of user data in the past year, however, Apple successfully was silent about the issue. Perhaps the incident was too insignificant to put someone on notice, but the reverse is not excluded.
According to employees of edition The Hacker News, last week they contacted the security researcher Melih Sevim (Sevim Melih). Sevim reported the discovery of a vulnerability in iCloud that allowed him to partially see the data, including notes, other users, just by knowing their phone numbers.
“I found that if I (the attacker) open my iCloud account during an active data exchange between the user and Apple’s servers, because the vulnerability will be able to view the random data in every update,” — said the researcher.
According to Sevim, he identified the problem in October 2018 and privately notified Apple about it. The company has fixed the vulnerability in November of the same year, however, in response to the message of the researcher said that the problem was fixed before he reported.
The journalists of the Hacker News has contacted Apple for comment. According to the company, the vulnerability was indeed relevant as of November last year. How long the problem has been corrected, Apple did not specify.
Read more •••