Apple CEO Tim Cook has been in recent discussions with a top Chinese government official concerning security, Reuters reports. The meeting comes following a report that Apple users in China have been targeted in a “sophisticated and widespread” attack by hackers looking to access private user data stored in iCloud. The report was released by Chinese web monitoring group Greatfire.org, which has also claimed that the Chinese government is involved in the hack—a claim strongly refuted by the Chinese government. Cook and Vice Premier Ma Kai met Wednesday in Zhongnanhai to discuss “protection of users’ information” and “strengthening cooperation and in information and communication fields,” according to the official Xinhua news agency. Apple also appears to have rerouted user data on Tuesday to circumvent the hack, Greatfire told Reuters.
Apple was informed of an iCloud security vulnerability that could lead to compromised user data as early as March 2014, a new report indicates. E-mails obtained by The Daily Dot reveal that London-based software developer Ibrahim Balic informed Apple on March 26 that he had successfully bypassed a “brute-force” security prevention measure, effectively allowing him to try over 20,000 password combinations on any iCloud account. Balic also informed Apple of the vulnerability using the company’s online bug reporter. Another e-mail dated May 6 shows that Apple was aware of the problem, with a representative continuing to question Balic on the nature of his discovery. Apple came under fire earlier this month with a high-profile celebrity photo hack involving iCloud accounts, and while Balic notes that the nature of the attack bears a “stark resemblance” to the issue he reported, it remains unclear if they are the same vulnerability.
Apple has released a new security document detailing the use of app-specific passwords for third-party apps in iCloud. A feature of two-step verification, the passwords will be required to sign in to iCloud when using third-party apps starting on Oct. 1. The passwords will allow for secure sign-ins, and ensure that third-party apps aren’t collecting or storing your primary Apple ID password. App-specific passwords can be generated and managed from the My Apple ID page. When the primary Apple ID password is changed or reset, all of the app-specific passwords will be revoked automatically, and new app-specific passwords will be required. For more details, see the security document.
Following this week’s announcement of iOS 8, Apple has sent out notifications to existing paid iCloud storage customers notifying them of new, reduced prices for their existing storage plans, along with pro-rated refunds for the balance of the reduced plan price. Customers who have already purchased iCloud Storage under the old annual pricing model retain whatever storage capacity they purchased, at a price now reduced to the next-lowest tier available. For example, a customer who had previously purchased the 25GB storage plan for $40/year will have their price reduced to $11.99 annually, roughly equivalent to the new 20GB plan now available for $0.99/month. Customers will be able to retain these plans at the new annual subscription prices, offering a slight storage bonus over the new plans that are now available on a monthly basis.
Update: Several readers who were on the smaller 10GB/$20 plans have reported also having their storage increased as part of this transition. Presumably, since 20GB is now the smallest capacity available under the new iCloud Storage plans, these users get bumped up to the 20GB plan for $11.99/year, also receiving a pro-rated refund of the difference between plan prices.
Apple will soon issue more security alerts to users in an effort to boost privacy, CEO Tim Cook told The Wall Street Journal. The company will alert users when an account password change is attempted, when iCloud data is restored to a new device, or when a device logs into an account for the first time. New notifications will start in two weeks, and users will be able to make immediate changes — the account password can be changed, or Apple’s security team can be alerted to the issue.
Cook said Apple could have done more to prevent incidents like the recent celeb photo hack. The company could have better informed users about hackers, and played up the importance of better passwords. “When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook said. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.” Apple also plans on “aggressively” pushing people to use its two-factor authentication in iOS 8.
In response to allegations that iCloud played a role in the recent release of many private celebrity photos, Apple has confirmed that “certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.” Despite the account intrusions, Apple claims that none of its systems, including iCloud and Find my iPhone, were breached. The company also claims it has already investigated the photo theft for more than 40 hours. To protect against such attacks, Apple suggests that users select a strong password and enable two-step verification.
Apple is “actively investigating” a recent celebrity photo hack that may have involved its iCloud service, Re/Code reports. The hack has leaked a large number of private, revealing photos of various celebrities, and iCloud has come under fire. Actress Kirsten Dunst tweeted a sarcastic “Thank you iCloud,” with some choice emoji. “We take user privacy very seriously and are actively investigating this report,” Apple spokeswoman Natalie Kerris said.
It’s unclear, however, how culpable Apple really is at this point; some reports have suggested that the leak included iPhone images alongside videos and Android images that presumably wouldn’t have come from iCloud servers. As reported by TheNextWeb, it’s possible that a hacker used a brute force password attack — a vulnerability that Apple notably didn’t patch until Monday. While Apple does its own investigation, the FBI is conducting the official investigation of the hack, The Telegraph reports. Apple does offer two-step verification that could have thwarted the hacker, but it’s not a surprise to see many not using the feature. We’ll see what comes of the investigation, but it calls Apple’s account security into question — bad timing, considering the company will reportedly debut its own mobile payment system as soon as next week.
Apple has updated iWork for iCloud with new features, including the ability to create and format 2-D and interactive charts. Documents up to 1 GB can now be edited, and images up to 10 MB can be inserted into documents. Additionally, up to 100 people can now collaborate on a single document. All of these changes have been instituted in Pages, Keynote, and Numbers, with each program receiving additional minor changes as well. The changes can be seen when opening the programs at iCloud.com.
Apple has updated its iWork apps — Pages, Keynote, and Numbers — at iCloud.com. The updates include new designs for the web apps, Retina display support, and the ability to share view-only documents, among other features.
Apple is working to develop versions of its TextEdit and Preview Mac applications for iOS, 9to5Mac reports. The iOS versions of the apps would reportedly only be used to view TextEdit and Preview files stored in iCloud; users would have to edit documents using Pages. It’s “currently uncertain, but still possible” that the new versions of the apps will end up in iOS 8. The new applications come from the restructuring of Apple’s iOS and OS X development teams, sources said, as engineers now work together on both operating systems. Apple is also researching new iCloud storage tools to simplify the development of server-integrated App Store applications for iOS as the company pushes to make iCloud a larger part of the iOS file system in the future.
Apple has introduced two-step verification for Apple IDs in a number of countries today, including Canada, France, Germany, Italy, Japan, and Spain. The countries that can currently use the optional two-step verification feature for Apple IDs are listed in an Apple support document. Two-step verification can be activated via the My Apple ID website. Apple first debuted the service last March. [via 9to5Mac]
- January 29, 2014
A glitch on iCloud.com may reveal that iCloud Bookmarks will soon be coming to the iCloud.com portal. The glitch was reportedly found during an attempt to install the iCloud Control Panel for Windows extension for Chrome. A page that reads, “iCloud Bookmarks are coming soon. Please check back later,” pops up briefly at the bookmarks extension URL. The page shows a smiling cloud holding the iOS 7 Safari bookmarks button. [via 9to5Mac]
Apple has updated iWork for iCloud, adding redesigned elements to the web apps while introducing new features to Pages, Numbers and Keynote. The template selector and document library now resemble iOS 7. Upon opening the apps, Apple reveals the new changes.
Users can now add passwords and share password-protected documents, and view documents that have been shared by others, among other features added to each app. VoiceOver support has also been improved in all three apps. [via 9to5Mac]
German iCloud users can now receive push email notifications again, Apple has confirmed. The feature was restored last night after a delay of more than 19 months, caused by a dispute with Google’s Motorola Mobility which forced Apple to deactivate the notifications. Apple reportedly had to post a $132 million bond to lift the injunction. A Munich court will hold an invalidation hearing Nov. 13 on the patent that caused the dispute. [via FOSS Patents]
Apple has informed former MobileMe members via email that their 20GB iCloud storage upgrade has expired. Those users who haven’t purchased a storage plan and are still using more than 5GB of iCloud space have found that iCloud has temporarily stopped working. The service will work again once the amount of storage space used is reduced to 5GB or less, or if a larger storage plan is purchased. Apple has released a support article on the changes. Apple started notifying customers in early August that the free upgrade would expire and changes would need to be made to their iCloud storage. For more information on how to best reduce your iCloud footprint, check out this iLounge article from last week.
Apple is denying some users access to iWork for iCloud beta, which just opened to the public on Friday. A message from Apple says the new service has “had an overwhelming response,” and that users should “check back soon.” No timeframe is given for when the service will open up to users who are currently unable to gain access. Public invites to iWork for iCloud beta were first sent out in July. [via 9to5Mac]
Apple appears to have opened its iWork for iCloud beta to the general public, allowing anybody with an Apple ID to access its new web-based productivity suite. Originally only available to registered iOS Developers, Apple later sent out invitations to some users to the beta to for early access to the service.
Users can check out the new Pages, Numbers, and Keynote web apps by logging on with their normal Apple ID and password at iCloud.com. It is unclear at this point how long this public beta period for iWork for iCloud will run or whether Apple will continue to provide the web apps as a free service to iCloud users following release. [via Engadget]
Apple’s system status page is reporting problems with several iOS and iCloud services since approximately 12:30 AM EDT. The site notes that some users may be unable to use iCloud Documents, Photo Stream, iPhoto Journals, Backup & Restore, or send or download attachments in iMessage. While the status update notes that less than 1% of users are affected by the service outage, with over 250 million iCloud users, this potentially represents over 2 million people.
Apple has updated its web-based beta.icloud.com site to match its design for iOS 7. As the iCloud beta site includes Find My iPhone, the update offers clues as to what the iOS Find My iPhone app will look like when it gets updated.
The design also suggests that Apple is readying some iOS 7-style changes to future Mac desktops; it incorporates an animated background akin to iOS 7’s, as well as similar font choices. Apple’s new iCloud.com will likely come out of beta in the fall. [via 9to5Mac]
Apple is now notifying former MobileMe members via email that the free 20GB iCloud storage upgrade they received will be expiring on Sept. 30, as was announced last year. iCloud storage for those users will revert to the free 5GB plan after the complimentary upgrade expires. Users who wish to retain their extra iCloud storage must purchase a storage plan by Sept. 30. An Apple support document provides additional details.