Following reports that Chinese authorities are using a ‘man-in-the-middle attack‘ to gather usernames and passwords from iCloud users.
Apple has posted a support document with instructions on verifying a secure connection to the iCloud website.
Apple is deeply committed to protecting our customers’ privacy and security. We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.
The iCloud website is protected with a digital certificate. If users get an invalid certificate warning in their browser while visiting www.icloud.com, they should pay attention to the warning and not proceed. Users should never enter their Apple ID or password into a website that presents a certificate warning. To verify that they are connected to the authentic iCloud website, users can check the contents of the digital certificate as shown below for Safari, Chrome, and Firefox—each of which provides both certificate information and warnings.
Safari
When you’re connected to the authentic iCloud website in Safari, you’ll see a green lock icon in the toolbar next to Apple Inc. Choose the lock icon to see a message that says “Safari is using an encrypted connection to www.icloud.com.” This indicates that the connection is secure and you can sign in normally.
If you’re connecting to a website that isn’t secure, you’ll see a message that says “Safari can’t verify the identity of the website.” If you see this message, don’t proceed or attempt to sign in.
Chrome
When you’re connected to the authentic iCloud website in Chrome, you’ll see a green lock icon in the toolbar next to Apple Inc. Choose the lock icon to see a message confirming that the identity for the site has been verified.
If you’re connecting to a website that isn’t secure, you’ll see a message that says “Your connection is not private.” If you see this message, don’t proceed or attempt to sign in.
Firefox
When you’re connected to the authentic iCloud website in Firefox, you’ll see a green lock icon in the toolbar next to Apple Inc. Choose the lock icon to see a message confirming that the connection to this website is secure.
If you’re connecting to a website that isn’t secure, you’ll see a message that says “This Connection is Untrusted.” If you see this message, don’t proceed or attempt to sign in.
Leave a Reply