Apple Aware of iCloud Login Harvesting in China, Launches Browser Security Guide

by

Earlier this week, web censorship blog Great Fire suggested that hackers aligned with Chinese authorities were using man-in-the-middle attacks in order to harvest Apple ID information from Chinese users that visited Apple's iCloud.com website.

In a newly released support document (via The Wall Street Journal), Apple has confirmed that it is aware of the "intermittent organized network attacks" on iCloud users, but says that its own servers have not been compromised.

Apple is deeply committed to protecting our customers' privacy and security. We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.

Apple's support document goes on to stress the importance of digital certificates, suggesting that users who see an invalid certificate warning in their browser while visiting iCloud.com should not proceed. The company also outlines how users can verify that their browser is connected to iCloud.com and not a third-party man-in-the-middle website.

safariicloudverified
Apple asks users to make sure that a green lock icon is visible in Safari and that the message "Safari is using an encrypted connection to www.icloud.com" is displayed when the lock icon is clicked. Apple also has verification instructions for both Chrome and Firefox.

Unfortunately, many of the victims falling prey to the fake iCloud sites are not using secure browsers that issue warnings when fake websites are visited. According to Great Fire, many Chinese users access the Internet through popular Chinese browser Qihoo, which does not let users know that a fake site is harvesting their information.

The attack works by redirecting Chinese users attempting to access iCloud.com to a fake website that resembles the iCloud website. Users that log into the fake site provide attackers with logins and passwords that can be used to access contacts, messages, photos, and documents stored within iCloud.

Though Great Fire has suggested that Chinese authorities may be involved in the attacks, a spokeswoman for China's Foreign Ministry (via CNBC) said that Beijing was "resolutely opposed" to hacking.

Chinese users should switch to a trusted browser like Firefox or Chrome to avoid falling prey to the fake iCloud.com website, or use a VPN to bypass the redirection and log in directly to iCloud.com. Two-factor authentication should also be turned on as it can prevent unauthorized users from logging into an iCloud account even when a username and password are obtained.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Popular Stories

iOS 26 Feature

iOS 26.1 to iOS 26.4 Will Add These New Features to Your iPhone

Saturday October 18, 2025 11:00 am PDT by
iOS 26 was released last month, but the software train never stops, and iOS 26.1 beta testing is already underway. So far, iOS 26.1 makes both Apple Intelligence and Live Translation on compatible AirPods available in additional languages, and it includes some other minor changes across the Apple Music, Calendar, Photos, Clock, and Safari apps. More features and changes will follow in future ...
Read Full Article110 comments
ios 26 1 liquid glass opaque

iOS 26.1 Beta 4 Lets Users Control Liquid Glass Transparency with New Toggle

Monday October 20, 2025 10:57 am PDT by
With the fourth betas of iOS 26.1, iPadOS 26.1, and macOS 26.1, Apple has introduced a new setting that's designed to allow users to customize the look of Liquid Glass. The toggle lets users select from a clear look for Liquid Glass, or a tinted look. Clear is the current Liquid Glass design, which is more transparent and shows the background underneath buttons, bars, and menus, while tinted ...
Read Full Article206 comments
iPhone Siri Glow

Some Apple Employees Have 'Concerns' About iOS 26.4's Revamped Siri

Sunday October 19, 2025 7:39 am PDT by
iOS 26.4 is expected to introduce a revamped version of Siri powered by Apple Intelligence, but not everyone is satisfied with how well it works. In his Power On newsletter today, Bloomberg's Mark Gurman said some of Apple's software engineers have "concerns" about the overhauled Siri's performance. However, he did not provide any specific details about the shortcomings. iOS 26.4 will...
Read Full Article353 comments
iOS 26

iOS 26.0.2 Update for iPhones Coming Soon

Friday October 17, 2025 7:35 am PDT by
Apple's software engineers continue to internally test iOS 26.0.2, according to MacRumors logs, which have been a reliable indicator of upcoming iOS versions. iOS 26.0.2 will be a minor update that addresses bugs and/or security vulnerabilities, but we do not know any specific details yet. The update will likely be released by the end of next week. Last month, Apple released iOS 26.0.1,...
Read Full Article48 comments
Apple iPad Pro hero M5

New iPad Pro Has Six Key Upgrades Beyond M5 Chip

Saturday October 18, 2025 10:57 am PDT by
While the new iPad Pro's headline feature is the M5 chip, the device has some other changes, including N1 and C1X chips, faster storage speeds, and more. With the M5 chip, the new iPad Pro has up to a 20% faster CPU and up to a 40% faster GPU compared to the previous model with the M4 chip, according to Geekbench 6 results. Keep in mind that 256GB and 512GB configurations have a 9-core CPU,...
Read Full Article100 comments
maxresdefault

Here's How the iOS 26.1 Transparency Toggle Changes Liquid Glass

Monday October 20, 2025 1:55 pm PDT by
With the fourth beta of iOS 26.1, Apple added a toggle that makes Liquid Glass more opaque and reduces transparency. We tested the beta to see where the toggle works and what it looks like. Subscribe to the MacRumors YouTube channel for more videos. If you have the latest iOS 26.1 beta, you can go to Settings > Display and Brightness to get to the new option. Tap on Liquid Glass, then...
Read Full Article153 comments
iOS 26

What's New in iOS 26.1 Beta 4

Monday October 20, 2025 1:02 pm PDT by
Even though we're at the fourth beta of iOS 26.1, Apple is continuing to add new features. In fact, the fourth beta has some of the biggest changes that we'll get when iOS 26.1 releases to the public later this month. We've rounded up what's new below. Liquid Glass Transparency Toggle Apple added a toggle for customizing the look of Liquid Glass. In Settings > Display and Brightness,...
Read Full Article34 comments
HomePod mini and Apple TV

Apple's Next Rumored Products: New HomePod Mini, Apple TV, and More

Thursday October 16, 2025 9:13 am PDT by
Apple on Wednesday updated the 14-inch MacBook Pro, iPad Pro, and Vision Pro with its next-generation M5 chip, but previous rumors have indicated that the company still plans to announce at least a few additional products before the end of the year. The following Apple products have at one point been rumored to be updated in 2025, although it is unclear if the timeframe for any of them has...
Read Full Article94 comments
kohler toilet sensor

Kohler Launches $600 iPhone-Connected Toilet Camera That Monitors Your Health Through Waste Analysis

Monday October 20, 2025 1:42 pm PDT by
Kohler is expanding its line of bathroom products with Dekoda, an iPhone-connected device that's designed to be attached to a toilet rim (via The Verge). The device's included "sensors" point into the toilet bowl, allowing it to analyze what goes on in the bathroom. According to Kohler, Dekoda is a health tracker that can monitor gut health and hydration, as well as detect the presence of...
Read Full Article188 comments

Top Rated Comments

Bahroo Avatar
Bahroo
144 months ago
I love how half-assed Apple security is.

----------



So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?


Are you on drugs bro? this isn't Apple's fault at all, its people in China , they made a fake iCloud website that looks just like the real one and if your using a 3rd party browser, you get routed to this fake website, and its very easy to spot that there is no SSL protection/no green box next to the website link, this is common sense, and isn't Apple's fault in any way at all. This is not a issue if you use reliable browsers like Firefox, Chrome, IE, etc
Score: 14 Votes (Like | Disagree)
Deelron Avatar
Deelron
144 months ago

So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?

I'm fairly sure your boring old bank would fail if their direct access to the Internet was compromised.
Score: 9 Votes (Like | Disagree)
Small White Car Avatar
Small White Car
144 months ago

So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?
Your boring old bank is open to EXACTLY this kind of attack in EXACTLY the same ways.

Furthermore, if I called your bank and asked them what to do about it they'd give the EXACT same advice Mac Rumors has given here.

EDIT: And before you come back and tell me about how your bank requires a picture of a parrot or a soccer ball or something, ask yourself if you think the people who don't know what an SSL lock looks like will be at all deterred from signing in when their favorite kind of bird doesn't show up this one time.
Score: 8 Votes (Like | Disagree)
iphonedude2008 Avatar
iphonedude2008
144 months ago
I'm fairly sure your boring old bank would fail if their direct access to the Internet was compromised.

This. Someone here gets it.
Score: 7 Votes (Like | Disagree)
iphonedude2008 Avatar
iphonedude2008
144 months ago
I love how half-assed Apple security is.

----------



So Apple, the "innovators" makers of "magical and revolutionary" products, can't seem to figure out internet security? My boring old bank does a great job of it, yet this is not Apple's fault?

He's saying its not apples fault because this is a phishing scam. The browser goes to a scam site instead of apple's. All they can do is tell user to check for the correct certificate, reset passwords, and enable 2 factor.
Score: 6 Votes (Like | Disagree)
Deelron Avatar
Deelron
144 months ago
Though Great Fire has suggested that Chinese authorities may be involved in the attacks, a spokeswoman for China's Foreign Ministry (via CNBC) said that Beijing was "resolutely opposed" to hacking.

You keep using that word, I do not think it means what you think it means.
Score: 6 Votes (Like | Disagree)
Read All Comments