RKOV (paradoox) wrote,

Another iCloud Security Hole?

I already posted this to Facebook, but I'm posting it here for a wider / different distribution ...

This came from an email message I received from Elcomsoft.  I have no reason to doubt them.

In our continuous research of Apple cloud services, we discovered yet another bit of synced data that could be invaluable to investigators. It turns out that Apple's cross-device sync of Safari browsing history never destroys entries deleted by the user. As a result, we were able to extract deleted Safari browsing history records going back more than one year. An updated version of Elcomsoft Phone Breaker (6.40 or newer) is required to download the deleted records, while Elcomsoft Phone Viewer 3.25 or newer is needed to view those records.

All you need to download deleted Safari browsing history from iCloud are the user's Apple ID and password or their iCloud authentication token. If you opt for the token, you can bypass two-factor authentication checks.

Elcomsoft Phone Breaker 6.40 is available as a free update to owners of non-expired licensed for previous versions of Elcomsoft Phone Breaker or Elcomsoft Mobile Forensic Bundle.

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened