Apple knew in March of this year that brute force could be used to prise open iCloud accounts, according to emails leaked to tech website The Daily Dot.
Security researcher Ibrahim Balic informed the company that repeated password guesses would allow hackers to crack passwords, and recommended the firm implement a lockout policy to safeguard its users.
In an email on March 26, he wrote: "I found a new issue regarding on Apple accounts. Same issue consist with other companies too. I would like to inform you for it to be fix. [sic]
"By this brute force attack method I can try over 20,000+ times passwords on any accounts. I think account lockout policy should be applied."
That same day Apple confirmed receipt of the information, which Balic also submitted through the company’s official bug reporting form.
The firm continued to follow up the issue as late as May 6, with an Apple employee arguing that the attack would take "an extraordinarily long time" to yield a valid authentication token.
Though the bug resembles the one blamed for the celebrity photo leaks at the end of August, it has not been verified whether the two are related.
Apple’s chief executive Tim Cook has previously denied the firm was to blame for what happened, arguing that better security education was needed to tackle cybercrime.
Despite his protestations, the company did update its iCloud security policy in the wake of the leaks, applying the sort of protection from brute force attacks that Balic had recommended and later implementing two-factor security across the service.
Earlier this month a software firm was also found to have developed a program that could bypass the authentication process for iCloud, which its creator believed was used to steal the celebrity photos.
Apple has been contacted for comment.