Currently Apple locks a user's account if it notices many incorrect password attempts in a short amount of time. iDict bypasses the restriction and essentially has an "unlimited" amount of attempts to guess at an account's password. The tool uses a dictionary of common passwords and attempts to find a match, so if you're password isn't on the list, you're safe; however, another hacker could always use a different dictionary. Additionally, you need to have the account's email address in order to attempt to crack the password.
Pr0x13 says the hole was "painfully obvious" and it was only a matter of time before it was used privately for malicious activities; therefore, he released it publicly so Apple could close it.
Apple will surely patch this exploit quickly, especially with the recent hack on celebrity iCloud accounts. Interestingly enough, Apple's iCloud Photos app also disappeared earlier this morning, so perhaps the company is already aware of the issue and is working on a fix.
For now, we recommend using a very strong password!
Update: The exploit seems to now be patched.
Read More via Business Insider