Security News

WWDC Apple on Monday opened its 2021 Worldwide Developer Conference by promising a raft of operating system and privacy improvements - including a relay system to anonymize Safari connections, and randomized email addresses for online account signups. Apple pundits had anticipated an Arm-based MacBook Pro, yet no word of next-generation Apple Silicon machines surfaced.

Apple is once again demonstrating that it's all in on privacy with new user-protecting features for Mail, Siri, iCloud and additional app-tracking metrics. While there wasn't a single hardware announcement, as was hoped and predicted, the software announcements that Apple made at WWDC 2021 were extensive and are likely to be well-received by iPhone, iPad and Mac users, and privacy stands out as a central theme.

In July 2018, when Guizhou-Cloud Big Data agreed to a deal with state-owned telco China Telecom to move iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Apple, in 2018, announced iCloud data of users in mainland China would move to a new data center in Guizhou province as part of a partnership with GCBD. The transition was necessitated to abide by a 2017 regulation that required all "Personal information and important data" collected on Chinese users "Be stored in the territory."

Apple's iCloud Mail service is suffering an outage since this morning, preventing some people from sending and receiving emails. Starting this morning at 7:13 AM EST, iCloud Mail users began reporting that they were having difficulty sending or receiving an email to their accounts.

A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting vulnerability on iCloud.com. Vishal Bharad, a researcher and penetration tester from India, published a blog post earlier this week describing his findings.

Apple has pulled iCloud 12 for Windows 10 from the Microsoft Store for what is believed to be issues with their new Chrome iCloud Keychain password synchronization feature. On January 26th, Apple released iCloud 12 with a new 'Passwords' feature, that when enabled, prompts users to install an 'iCloud Passwords' extension to synchronize and automatically fill in passwords saved in the iCloud Keychain.

Apple users are experiencing problems setting up new devices or accessing files stored on the cloud due to an ongoing iCloud outage that has lasted for more than 24 hours. Starting yesterday at 4:45 AM EST, Apple has been experiencing an outage with its iCloud service that prevents users from logging into the service, accessing files, or setting up new devices.

Among the flaws found in core portions of Apple's infrastructure includes ones that would have allowed an attacker to: "Fully compromise both customer and employee applications; launch a worm capable of automatically taking over a victim's iCloud account; retrieve source code for internal Apple projects; fully compromise an industrial control warehouse software used by Apple; and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources," he wrote. iCloud is an automatic storage mechanism for photos, videos, documents, and app related data for Apple products.

Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of TouchID biometric feature that authenticated users to log in to websites on Safari, specifically those that use Apple ID logins.

A perv who reportedly hacked people's iCloud accounts to obtain sexual images before sharing them online has been sent to prison for nearly three years. Tony Spencer of Victoria Hill, Eye, Suffolk, was found by Basildon Crown Court to have "Accessed iCloud accounts without the owners' consent" by using "Software", according to a police statement.