Apple knew about iCloud’s vulnerabilities well before the attack

In a recent interview with Charlie Rose on PBS, Apple CEO Tim Cook said that the iCloud breach that leaked private celebrity photos wasn’t necessarily a security flaw on Apple’s side, but rather the result of a targeted phishing scheme. The company has since activated two-factor authentication to help boost the security of iCloud, but one developer says he informed Apple about the vulnerability as long as six months before the attack took place.

Apple knew as early as March 2014 of a security hole that left the personal data of iCloud users vulnerable, according to leaked emails between the company and a noted security researcher. The emails, obtained earlier this month by the Daily Dot and reviewed by multiple security experts, show Ibrahim Balic, a London-based software developer, informing Apple of a method he’d discovered for infiltrating iCloud accounts. The strength of Apple’s security came under fire earlier this month after hundreds of celebrity nude photos, allegedly stolen from iCloud servers, flooded the Internet. While the exploit Balic says he reported to Apple shares a stark resemblance to the exploit allegedly used in the so-called “Celebgate” hack, it is currently unclear if they are the same vulnerability.