Salient points from the article on the San Jose Mercury News:
“We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” the computer-maker said in a post Tuesday on its support website. The post said Apple’s own servers have not been compromised.
Apple, which is based in Cupertino, California, said in its post that the attacks have not affected users who sign into iCloud from their iPhones or iPads, or on Mac computers while using the latest Mac operating system and Apple’s Safari browser. But the company suggested users should verify they are connecting to a legitimate iCloud server by using the security features built into Safari and other browsers such as Firefox and Google’s Chrome. The browsers will show a message that warns users when they are connecting to a site that doesn’t have a digital certificate verifying that it is authentic.
“If users get an invalid certificate warning in their browser while visiting www.icloud.com, they should pay attention to the warning and not proceed,” Apple said in the post.
PYBT: Apple issues security warning for iCloud for the whole story.