a script runs that test every possible permutation of letters, numbers, and special characters; starting with most obvious (e.g. one-word, two-words, append a number ect) and increasing in complexity, until it finds a successful combination.
It's easy to defend. 1) lock out account after 5 attempts, or 2) require a waiting period between password attempts. Neither of which were implemented.
If true, this is very embarrassing for Apple Security.