Apple issues security warning for iCloud

Apple online storage service iCloud attacked via vulnerable security certificates.

By Silky Malhotra Published Date
22 - Oct - 2014
| Last Updated
22 - Oct - 2014
Apple issues security warning for iCloud

Apple has issues a new security warning to its iCloud online storage service users amid reports of a concerted effort to steal passwords and other data from people who use the popular service in China.

According to reports, some Chinese internet users have begun seeing warnings that indicate they had been diverted to an unauthorized website when they attempted to sign into their iCloud accounts. Security experts call it a “man in the middle” attack, this allows a third party to copy and steal the passwords that users enter when they think they are signing into Apple’s service. The passwords can be used by hackers to collect other data from the users’ accounts. Source: iCloud may have been hacked by Chinese government

Apple declined to comment on the allegations but has updated its technical support page to provide advice on how to protect against such attacks. Apple’s post did not mention China or provide any details on the attacks. However, the post stated that Apple's own servers have not been compromised.

Apple stated in a blog post on its support website, "We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously."

Apple warns that iCloud users should never enter their iCloud password if they get warnings about invalid digital certificates when visiting The blog post also mentions procedures which users can use to verify they are connected to Apple's legitimate site when using various browsers.

Apple warned iCloud users, “If users get an invalid certificate warning in their browser while visiting, they should pay attention to the warning and not proceed.”

Last month hackers had attacked iCloud accounts of celebrities and stolen photos. The tech giant stated after an investigation that the hackers had obtained the users’ passwords through “phishing attacks” or by guessing at the answers to security questions that allowed access. Apple stated that its servers were not breached in that case.

Source: Apple