iCloud Keychain employs end-to-end encryption to synchronise secrets across devices enrolled in iCloud. We discovered a critical cryptographic implementation flaw which would have allowed sophisticated attackers with privileged access to iCloud communications to man-in-the-middle iCloud Keychain Sync and gain plaintext access to iCloud Keychain secrets.
Alex Radocea started in security at Matasano, testing firms from an office on Wall St. He has worked on Product Security at Apple and CrowdStrike, and most recently on the Security team at Spotify.