You might recall that yesterday we reported that iCloud users in China were reportedly subject to a man-in-the-middle attack in which it was suspected that the Chinese government could be behind it. Well it looks like Apple has since acknowledged that there is something fishy going on, short of actually naming the Chinese government.
Apple has since released a statement warning users about potential attacks and how to best prevent your iCloud account from being compromised. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”
Apple goes on to state that because the iCloud website is protected using a digital certificate, if users who visit iCloud.com and are given a warning message, then chances are they should not proceed as this would indicate that the website has an invalid certificate. Apple has also provided users with some examples of how the website should look like if it has a valid certificate, and how it looks like without a valid certificate.
For those unfamiliar with man-in-the-middle attacks, it basically where hackers place a “middle man” (or in this case a website) in between the user and the actual website they are visiting. This makes users believe they’re actually signing into the actual website, but in reality they are revealing their credentials to the hacker who might go on to use it to steal information.
. Read more about