Pr0x13 has described this as a “100% working iCloud Apple ID Dictionary attack” and it was possible due to a “painfully obvious” bug and that it “was only a matter of time” before hackers or cyber criminals found it. Proxy13 intends to alert Apple of this serious bug therefore he has uploaded the tool on GitHub. Business Insider says that Pr0x13 won’t take responsibility for the exploit is used but wants everyone to know that his intentions were to alert Apple to the bug so that the company could patch it as soon as possible. Pr0x13 first notified the world about the tool through a Reddit thread where he described the tool as “NEW -Jan 1st 2015- 0Day- iDict Apple iD Bruteforcer bypass rate limiting.” The tool actually works by using brute-force method to hack the iCloud password. The tool hasnt been independently tested but several Twitter and Reddit users confirmed that the tool was indeed working. Gizmodo has stated that “iDict’ are limited by the size of the dictionary it uses to guess your password. So you’re really only in danger if your password is on the 500-word-long list included with the hacker tool.” The password list can be seen here. However around ten minutes ago, a Redittor commented on the same thread that Apple had patched the bug which was exploited by iDict by a Rate Limiter, which has also not been confirmed officially by Apple. The tool can be downloaded at GitHub here. We will bring the latest news on this one as it develops so stay tuned
