Security News

At this year's Apple Worldwide Developer Conference, Apple announced something called "iCloud Private Relay." That's basically its private version of onion routing, which is what Tor does. Privacy Relay is built into both the forthcoming iOS and MacOS versions, but it will only work if you're an iCloud Plus subscriber and you have it enabled from within your iCloud settings.

A security researcher claims he discovered a critical vulnerability in Apple's password reset feature that could have been used to take over any iCloud account, but Apple has downplayed the impact of the flaw. The issue, researcher Laxman Muthiyah says, was a bypass of the various security measures Apple has in place to prevent attempts to brute force the 'forgot password' functionality for Apple accounts.

WWDC Apple on Monday opened its 2021 Worldwide Developer Conference by promising a raft of operating system and privacy improvements - including a relay system to anonymize Safari connections, and randomized email addresses for online account signups. Apple pundits had anticipated an Arm-based MacBook Pro, yet no word of next-generation Apple Silicon machines surfaced.

Apple is once again demonstrating that it's all in on privacy with new user-protecting features for Mail, Siri, iCloud and additional app-tracking metrics. While there wasn't a single hardware announcement, as was hoped and predicted, the software announcements that Apple made at WWDC 2021 were extensive and are likely to be well-received by iPhone, iPad and Mac users, and privacy stands out as a central theme.

In July 2018, when Guizhou-Cloud Big Data agreed to a deal with state-owned telco China Telecom to move iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Apple, in 2018, announced iCloud data of users in mainland China would move to a new data center in Guizhou province as part of a partnership with GCBD. The transition was necessitated to abide by a 2017 regulation that required all "Personal information and important data" collected on Chinese users "Be stored in the territory."

Apple's iCloud Mail service is suffering an outage since this morning, preventing some people from sending and receiving emails. Starting this morning at 7:13 AM EST, iCloud Mail users began reporting that they were having difficulty sending or receiving an email to their accounts.

A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting vulnerability on iCloud.com. Vishal Bharad, a researcher and penetration tester from India, published a blog post earlier this week describing his findings.

Apple has pulled iCloud 12 for Windows 10 from the Microsoft Store for what is believed to be issues with their new Chrome iCloud Keychain password synchronization feature. On January 26th, Apple released iCloud 12 with a new 'Passwords' feature, that when enabled, prompts users to install an 'iCloud Passwords' extension to synchronize and automatically fill in passwords saved in the iCloud Keychain.

Apple users are experiencing problems setting up new devices or accessing files stored on the cloud due to an ongoing iCloud outage that has lasted for more than 24 hours. Starting yesterday at 4:45 AM EST, Apple has been experiencing an outage with its iCloud service that prevents users from logging into the service, accessing files, or setting up new devices.

Among the flaws found in core portions of Apple's infrastructure includes ones that would have allowed an attacker to: "Fully compromise both customer and employee applications; launch a worm capable of automatically taking over a victim's iCloud account; retrieve source code for internal Apple projects; fully compromise an industrial control warehouse software used by Apple; and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources," he wrote. iCloud is an automatic storage mechanism for photos, videos, documents, and app related data for Apple products.