Apple Aware of iCloud Login Harvesting in China, Launches Browser Security Guide

by

Earlier this week, web censorship blog Great Fire suggested that hackers aligned with Chinese authorities were using man-in-the-middle attacks in order to harvest Apple ID information from Chinese users that visited Apple's iCloud.com website.

In a newly released support document (via The Wall Street Journal), Apple has confirmed that it is aware of the "intermittent organized network attacks" on iCloud users, but says that its own servers have not been compromised.

Apple is deeply committed to protecting our customers' privacy and security. We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.

Apple's support document goes on to stress the importance of digital certificates, suggesting that users who see an invalid certificate warning in their browser while visiting iCloud.com should not proceed. The company also outlines how users can verify that their browser is connected to iCloud.com and not a third-party man-in-the-middle website.

safariicloudverified
Apple asks users to make sure that a green lock icon is visible in Safari and that the message "Safari is using an encrypted connection to www.icloud.com" is displayed when the lock icon is clicked. Apple also has verification instructions for both Chrome and Firefox.

Unfortunately, many of the victims falling prey to the fake iCloud sites are not using secure browsers that issue warnings when fake websites are visited. According to Great Fire, many Chinese users access the Internet through popular Chinese browser Qihoo, which does not let users know that a fake site is harvesting their information.

The attack works by redirecting Chinese users attempting to access iCloud.com to a fake website that resembles the iCloud website. Users that log into the fake site provide attackers with logins and passwords that can be used to access contacts, messages, photos, and documents stored within iCloud.

Though Great Fire has suggested that Chinese authorities may be involved in the attacks, a spokeswoman for China's Foreign Ministry (via CNBC) said that Beijing was "resolutely opposed" to hacking.

Chinese users should switch to a trusted browser like Firefox or Chrome to avoid falling prey to the fake iCloud.com website, or use a VPN to bypass the redirection and log in directly to iCloud.com. Two-factor authentication should also be turned on as it can prevent unauthorized users from logging into an iCloud account even when a username and password are obtained.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Popular Stories

iOS 26

6 New Things Your iPhone Can Do in iOS 26.1

Wednesday October 29, 2025 4:22 am PDT by
Apple is about to drop iOS 26.1, the first major point release since iOS 26 was rolled out in September, and there are at least six notable changes and improvements to look forward to. We've rounded them up below. Apple has already provided developers and public beta testers with the release candidate version of iOS 26.1, which means Apple will likely roll out the update to all compatible...
Read Full Article61 comments
ios 26 1 slide to stop

iOS 26.1 Brings Back 2007 Feature in New Way

Friday October 31, 2025 1:40 pm PDT by
The upcoming iOS 26.1 update includes a small but helpful change for iPhones, and it could prevent you from running late to something important. Specifically, when an alarm goes off in the Clock app, there is a new "slide to stop" control on the screen for turning off the alarm. On previous iOS 26 versions, there is simply a large "stop" button, which could be accidentally tapped. The new ...
Read Full Article53 comments
iOS 26

iOS 26.1 Coming Soon: New Features for Your iPhone and Release Date

Monday October 27, 2025 7:55 am PDT by
The upcoming iOS 26.1 update includes a handful of new features and changes for iPhones, including a toggle for changing the appearance of the Liquid Glass design, "slide to stop" for alarms in the Clock app, and more. Below, we outline key details about iOS 26.1. Release Date Given that Apple has yet to seed an iOS 26.1 Release Candidate, which is typically the final beta version, the...
Read Full Article
M5 MacBook Pro

Waiting for New Macs? Apple Just Shared Bad News

Friday October 31, 2025 7:32 am PDT by
Apple has just given a strong indication that it will not be releasing any additional new Macs for the remainder of the year. Apple's CFO Kevan Parekh dropped the hint during the company's earnings call on Thursday:On Mac, keep in mind, we expect to face a very difficult compare against the M4 MacBook Pro, Mac mini, and iMac launches in the year-ago quarter.Parekh essentially gave a heads up ...
Read Full Article84 comments
iPhone 17 Pro Cosmic Orange

8 Reasons to Wait for Next Year's iPhone 18 Pro

Thursday October 30, 2025 4:42 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article118 comments
maxresdefault

Apple TV 4K Could Still Launch Before 2025 Ends: All the Rumored Features

Monday October 27, 2025 4:51 pm PDT by
Apple is designing an updated version of the Apple TV 4K, and rumors suggest that it could come out sometime in the next couple of months. We're not expecting a major overhaul with design changes, but even a simple chip upgrade will bring major improvements to Apple's set-top box. Subscribe to the MacRumors YouTube channel for more videos. We've rounded up all the latest Apple TV rumors. ...
Read Full Article161 comments
ipad mini 7 feature blue

OLED iPad Mini: Release Date, Pricing, and What to Expect

Wednesday October 29, 2025 7:13 am PDT by
Rumors are stoking excitement for the next-generation iPad mini that Apple is reportedly close to launching. So what should we expect from the successor to the iPad mini 7 that Apple released over a year ago? Read on to find out. Processor and Performance Apple is working on a next-generation version of the iPad mini (codename J510/J511) that features the A19 Pro chip, according to...
Read Full Article66 comments
Coffee Burgundy and Purple iPhone 18 Pro Mock 1

Leaker Outlines Potential New Colors for iPhone 18 Pro

Friday October 31, 2025 8:28 am PDT by
Apple's iPhone 18 Pro models could be available in new rich and warm color option, according to a known leaker. The Weibo user known as "Instant Digital" today suggested that next-year's iPhone 18 Pro models will be available in at least one of the following color options: Coffee, purple, and burgundy. The iPhone XR, iPhone 11, iPhone 12, iPhone 14, and iPhone 14 Pro were all available in ...
Read Full Article126 comments
apple tv hd

Apple Launched Its Big New Vision for TV 10 Years Ago Today

Thursday October 30, 2025 8:58 am PDT by
Apple launched the Apple TV HD, the Siri Remote, tvOS, and their accompanying App Store a decade ago today, marking a major overhaul of the device. The new vision for the Apple TV was unveiled on September 9, 2015 during Apple's "Hey Siri" event in San Francisco, where CEO Tim Cook introduced the device with the statement, "The future of TV is apps." The announcement represented a major...
Read Full Article87 comments

Top Rated Comments

Bahroo Avatar
Bahroo
144 months ago
I love how half-assed Apple security is.

----------



So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?


Are you on drugs bro? this isn't Apple's fault at all, its people in China , they made a fake iCloud website that looks just like the real one and if your using a 3rd party browser, you get routed to this fake website, and its very easy to spot that there is no SSL protection/no green box next to the website link, this is common sense, and isn't Apple's fault in any way at all. This is not a issue if you use reliable browsers like Firefox, Chrome, IE, etc
Score: 14 Votes (Like | Disagree)
Deelron Avatar
Deelron
144 months ago

So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?

I'm fairly sure your boring old bank would fail if their direct access to the Internet was compromised.
Score: 9 Votes (Like | Disagree)
Small White Car Avatar
Small White Car
144 months ago

So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?
Your boring old bank is open to EXACTLY this kind of attack in EXACTLY the same ways.

Furthermore, if I called your bank and asked them what to do about it they'd give the EXACT same advice Mac Rumors has given here.

EDIT: And before you come back and tell me about how your bank requires a picture of a parrot or a soccer ball or something, ask yourself if you think the people who don't know what an SSL lock looks like will be at all deterred from signing in when their favorite kind of bird doesn't show up this one time.
Score: 8 Votes (Like | Disagree)
iphonedude2008 Avatar
iphonedude2008
144 months ago
I'm fairly sure your boring old bank would fail if their direct access to the Internet was compromised.

This. Someone here gets it.
Score: 7 Votes (Like | Disagree)
iphonedude2008 Avatar
iphonedude2008
144 months ago
I love how half-assed Apple security is.

----------



So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?

He's saying its not apples fault because this is a phishing scam. The browser goes to a scam site instead of apple's. All they can do is tell user to check for the correct certificate, reset passwords, and enable 2 factor.
Score: 6 Votes (Like | Disagree)
Deelron Avatar
Deelron
144 months ago
Though Great Fire has suggested that Chinese authorities may be involved in the attacks, a spokeswoman for China's Foreign Ministry (via CNBC) said that Beijing was "resolutely opposed" to hacking.

You keep using that word, I do not think it means what you think it means.
Score: 6 Votes (Like | Disagree)
Read All Comments