The bug, known as "ibrute," appears to have been first noted on the social coding site Github. It allowed hackers to access an individual's iCloud data by exploiting a weakness in Apple's "Find My iPhone" service, according to Engadget.
The problem was that Apple's service didn't employ so-called "brute force protection," which meant that anyone who wanted to break into a person's iCloud could repeatedly enter a large number of passwords without fear of being locked out, according to The Next Web.
Late Sunday, one or more anonymous users uploaded what were allegedly nude photos of dozens of celebrities, including Oscar-winning actress Jennifer Lawrence and Sports Illustrated model Kate Upton, to the image-sharing site 4chan. The anonymous user or users claimed the photos were obtained via Apple's iCloud, according to The Independent.
While the hackers' actual methods have yet to be established, many onlookers have speculated that they may have exploited the Find My iPhone bug to obtain the photos.
Apple iCloud brute-forcer: https://t.co/KPMflz80W4 - apparently FindMyPhone doesn't have brute force protection... related to celeb hacks?
-- Ross (@Hypn) September 1, 2014
It appears Apple has already fixed the "ibrute" security flaw. HackApp, the anonymous coder who claims to have discovered the hack, said Monday that Apple has "patched" the bug for the most part (though it apparently still persists in some regions of the world, according to a separate Reddit thread).
To see if Apple really had patched up the bug, The Next Web attempted to exploit the Find My iPhone hack early Monday and was "locked out [...] after five attempts, meaning [...] Apple has patched the hole."
HackApp has denied playing any part in the leak, tweeting Monday that he or she does not know of any relation between "ibrute" and the mass posting of photos on Sunday.
But before that, in a Twitter conversation with The Next Web's Owen Williams, HackApp did admit "that someone could [theoretically] use this tool" to hack into a celebrity's iCloud and rip photos and videos.
While we still don't know for certain what caused the hack, this is a good time to activate two-step verification for your device, a safe way to protect yourself from many common hacks. Over at Forbes, there's a nice rundown on how to do so.
Apple did not respond to a request for comment from The Huffington Post.
UPDATE, 4:15 p.m. -- Apple spokeswoman Natalie Kerris told Re/code that the company is "actively investigating" the issue.