UPDATE
If you are concerned about cloud storage security, please read What if I was a cloud? and leave your feedback please. Thank you.
The end of fun, Apple have just patched
Here is appleID password bruteforce pOc. It's only p0c, so there is no
do it yourself
It uses Find My Iphone service API, where bruteforce protection was not implemented. Password list was generated from top 500 RockYou leaked passwords, which satisfy appleID password policy. Before you start, make sure it's not illegal in your country.
Be good :)
Follow us on twitter @hackappcom