NOT SO SMARTPHONE

Apple iCloud bug ‘let ANYONE read your private iPhone notes’ – and was ‘kept a secret’, security expert claims

APPLE reportedly covered up a major privacy breach that gave hackers partial access to user iCloud accounts.

The supposed flaw was allegedly "kept secret" by Apple – and quietly fixed without alerting users to the problem.

Apple's iCloud tech – featured on iPhones – was reportedly breached (Credit: AP: Associated Press)

Apple ranks iCloud privacy high on its list of priorities, after a 2014 leak exposed almost 500 private photos of female celebrities, including Jennifer Lawrence and Kate Upton.

The service stores Apple customers' files on servers, which can be accessed digitally at any time – freeing up space on your device, and keeping media backed up safely.

But a new report by The Hacker News claims that Apple "suffered a privacy breach" late last year.

The breach supposedly gave attackers access to view iCloud back-ups of files in the Notes app – where people store important notes, reminders and media.

Attackers were supposedly able to read private Notes from iCloud users (Credit: Getty - Contributor)

This supposed flaw was discovered by Turkish security researcher Melih Sevim.

Sevim found that he could access random iCloud accounts – and even target specific iCloud users – just by knowing their phone numbers.

"Simply knowing a person's mobile phone number was allowing [the] attacker to see that person's iCloud data with this flaw," Melih told The Sun.


"[The] attacker was adding the victim's mobile number as his number without any verification.

"And Apple was syncing the iCloud data to [the] attacker's account."

The issue is now believed to have been fixed, but there appears to be no public knowledge of the bug ever having existed.

And Melih claims that even though he alerted Apple to the problem, the company failed to pay him as part of its Bug Bounty reporting programme.


"My first discovery of this vulnerability was [the] end of October," said Melih, speaking to The Sun.

"My first contact with Apple was on the 12th of November about this issue.

"After my first contact they asked a lot of details and documentation about this. I answered all and prepared an article.

"Apple responded [quickly] – we were in frequent communication with them until they fixed the flaw.


"After their job is done and the flaw is fixed, they stopped the conversation and stopped messaging back to me.

"Also they didn't give my bounty."

It's claimed that Apple kept the breach a secret (Credit: EPA)

Melih supplied images of his email correspondence with Apple to The Sun.


He appears to have been asked by Apple to keep the bug secret, and to remove a video detailing the bug from YouTube.

Emails allegedly sent by Apple representatives asking Melih for more information.

But a later email sent by "Jill" from Apple Product Security says: "The issue that you reported was addressed prior to you sending us the information."

Keeping bugs secret – the hidden dangers

We spoke to Tim Mackey, technical evangelist at Synopsys, who said...

  • "One of the major items development teams battle against on an almost daily basis is patterns of behaviour resulting in defects.
  • "Humans are after all creatures of habit, and developers even more so.
  • "While the available information surrounding the iCloud issue doesn’t appear related to Facebook access tokens, Twitter API access, or the Google+ retirement – Apple’s choice to hold secret details on the flaws doesn’t help the industry improve and invites conjecture.
  • "It may be there’s an embarrassing bug afoot, but knowing how that bug manifests can enable others to review their software for similar patterns.
  • "By holding details secret, Apple is effectively choosing the security and reputation of their own services over the privacy of user data regardless of which service it may reside within."

We've asked Apple for comment and will update this story with any response.


These latest allegations come at a difficult time for Apple.

This week it was revealed that a major FaceTime bug allowed strangers to eavesdrop on you through your iPhone's microphone.

Apple was forced to disable its new Group FaceTime feature to contain the bug while it works on releasing a fix.



But Apple has come under further fire after it emerged the company may have known about the bug for an entire week before telling the world.
