Apple said Monday it is "actively investigating" whether a security breach at its iCloud service was responsible for the leak of several private, nude images of celebrities, including actress Jennifer Lawrence.
"We take user privacy very seriously and are actively investigating this report," Apple spokeswoman Natalie Kerris told Recode. CNET has contacted Apple for comment and will update this report when we learn more.
Apple on Monday appears to have rolled out a new implementation of its two-factor Apple ID authentication system with iCloud.com, requiring users who have the additional layer of security enabled to enter a special code before accessing the Web apps.
With the new implementation, shown in the screenshot above, Apple is expanding its two-step authentication security feature beyond Apple ID management and iCloud-connected features to the iCloud.com Web app suite. Prior to the change, iCloud.com was accessible via a simple password. The feature was first spotted by reader Stephan.
In the latest versions of OS X and iOS, Apple's new iCloud Keychain provides one of the most important pieces of functionality for security-conscious users: a password manager.
Unfortunately, it's kind of a mess. iCloud Keychain does accomplish the most basic things you'd expect a password manager to do, but it often does so in an awkward manner. Important functionality is hard enough to find that it may be effectively hidden from the average user, particularly on iPhones and iPads.
Russian security researcher Vladimir Katalov analyzed Apple's secretive iCloud and Find My Phone protocols to discover that neither are protected by two-factor authentication, and iCloud data can be downloaded remotely without a user ever knowing.
Smartphones carry a lot of sensitive data that in theory should be accessible only to their owners. In practice, a lot of it can be exfiltrated from the devices and from the backups either stored on the device or in the cloud by employing different forensic methods.