Apple Aware of iCloud Login Harvesting in China, Launches Browser Security Guide

Earlier this week, web censorship blog Great Fire suggested that hackers aligned with Chinese authorities were using man-in-the-middle attacks in order to harvest Apple ID information from Chinese users that visited Apple's iCloud.com website.

In a newly released support document (via The Wall Street Journal), Apple has confirmed that it is aware of the "intermittent organized network attacks" on iCloud users, but says that its own servers have not been compromised.

"Apple is deeply committed to protecting our customers' privacy and security. We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser."

Apple's support document goes on to stress the importance of digital certificates, suggesting that users who see an invalid certificate warning in their browser while visiting iCloud.com should not proceed. The company also outlines how users can verify that their browser is connected to iCloud.com and not a third-party man-in-the-middle website.

Apple asks users to make sure that a green lock icon is visible in Safari and that the message "Safari is using an encrypted connection to www.icloud.com" is displayed when the lock icon is clicked. Apple also has verification instructions for both Chrome and Firefox.

Unfortunately, many of the victims falling prey to the fake iCloud sites are not using secure browsers that issue warnings when fake websites are visited. According to Great Fire, many Chinese users access the Internet through popular Chinese browser Qihoo, which does not let users know that a fake site is harvesting their information.

The attack works by redirecting Chinese users attempting to access iCloud.com to a fake website that resembles the iCloud website. Users that log into the fake site provide attackers with logins and passwords that can be used to access contacts, messages, photos, and documents stored within iCloud.

Though Great Fire has suggested that Chinese authorities may be involved in the attacks, a spokeswoman for China's Foreign Ministry (via CNBC) said that Beijing was "resolutely opposed" to hacking.

Chinese users should switch to a trusted browser like Firefox or Chrome to avoid falling prey to the fake iCloud.com website, or use a VPN to bypass the redirection and log in directly to iCloud.com. Two-factor authentication should also be turned on as it can prevent unauthorized users from logging into an iCloud account even when a username and password are obtained.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

Bahroo
82 months ago

I love how half-assed Apple security is.

----------



So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?



Are you on drugs bro? This isn't Apple's fault at all, it's people in China, they made a fake iCloud website that looks just like the real one and if you're using a 3rd party browser, you get routed to this fake website, and it's very easy to spot that there is no SSL protection/no green box next to the website link, this is common sense, and isn't Apple's fault in any way at all. This is not an issue if you use reliable browsers like Firefox, Chrome, IE, etc.
Score: 14 Votes
Deelron
82 months ago


So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?


I'm fairly sure your boring old bank would fail if their direct access to the Internet was compromised.
Score: 9 Votes
Small White Car
82 months ago


So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?

Your boring old bank is open to EXACTLY this kind of attack in EXACTLY the same ways.

Furthermore, if I called your bank and asked them what to do about it they'd give the EXACT same advice Mac Rumors has given here.

EDIT: And before you come back and tell me about how your bank requires a picture of a parrot or a soccer ball or something, ask yourself if you think the people who don't know what an SSL lock looks like will be at all deterred from signing in when their favorite kind of bird doesn't show up this one time.
Score: 8 Votes
iphonedude2008
82 months ago

I'm fairly sure your boring old bank would fail if their direct access to the Internet was compromised.


This. Someone here gets it.
Score: 7 Votes
iphonedude2008
82 months ago

I love how half-assed Apple security is.

----------



So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?


He's saying it's not Apple's fault because this is a phishing scam. The browser goes to a scam site instead of Apple's. All they can do is tell users to check for the correct certificate, reset passwords, and enable 2 factor.
Score: 6 Votes
Deelron
82 months ago

Though Great Fire has suggested that Chinese authorities may be involved in the attacks, a spokeswoman for China's Foreign Ministry (via CNBC) said that Beijing was "resolutely opposed" to hacking.


You keep using that word, I do not think it means what you think it means.
Score: 6 Votes
