iCloud.com seems to have been added to a group of websites and services under attack in China. A new report indicates that users attempting to log in to iCloud.com from an insecure browser that trusts China's Certification Authority are having their credentials captured. Users visiting through more secure browsers like Safari, Chrome, and Firefox will be presented with a warning when they navigate to the site.
According to GreatFire.org:
This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc. Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone.
There are certain precautions you can take to avoid this attack. You can set up two-step verification for your iCloud account. You can also use more secure browsers, like Safari, Chrome, and Firefox. Additionally, and this is very important: follow the SSL/TLS security warnings when they are presented to you. If you suspect that your iCloud credentials have been compromised, then you should change your password immediately.
Again, the reported attack only affects users running insecure browsers that trust the Chinese Certification Authority. It will not impact Apple services directly, Apple's apps, or third-party apps that use proper validation.
It should be noted that the report of this attack is coming only from a single source. Users should, as always, take any normal security precautions, including those listed above. How do you keep your iCloud account secure? Let us know in the comments.
Source: GreatFire.org
No comments:
Post a Comment