Over the last day there have been report of a number of attacks on Apple iCloud, with the attacks reportedly coming in China, and intercepting users who were signing into iCloud on the web.
Now Apple has issued a security warning telling people what to watch out for, and confirming that none of their iCloud servers have been compromised during the attacks.
Apple is deeply committed to protecting our customers’ privacy and security. We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.
The iCloud website is protected with a digital certificate. If users get an invalid certificate warning in their browser while visiting www.icloud.com, they should pay attention to the warning and not proceed. Users should never enter their Apple ID or password into a website that presents a certificate warning. To verify that they are connected to the authentic iCloud website, users can check the contents of the digital certificate as shown below for Safari, Chrome, and Firefox—each of which provides both certificate information and warnings.
You can find out more details about the iCloud security warning from Apple over at their support website at the link below.