First off, here’s a link to the post on the Apple Web site: Apple update on iCloud.com security.
Next, Sean Gallagher, on Ars Technica, posted a great user-friendly summary of a piece on greatfire.org, which tells us this issue with iCloud is coming from the Chinese government:
GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland.
The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.
The complete piece is here: Chinese government launches man-in-middle attack against iCloud [Updated].
Meanwhile, over at greatfire.org, in China collecting Apple iCloud data; attack coincides with launch of new iPhone, percy gets into a lot of technical detail and explanation, complete with sources. Interesting read.
(Many thanks to Bob for providing the links.)
