How is this technically even possible. Isn't all data in iCloud supposed to be encrypted with your Apple Password?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iCloud for Windows Users Complain of Corrupted Videos, Photos From Strangers
- Thread starter MacRumors
- Start date
- Sort by reaction score
I’ve even been experimenting all morning with HEVC video data and if I could get I-Frames somehow inserted by manipulating blocks of data mixing in HEIF images data directly in to the stream.
The answer was no. My next experiment was I-Frames from another HEVC encoded video.
Since I can only presume from the OP and articles that this is affecting a download function of an original file; not some transcode to another format where I’d classically expect this to happen: I’m struggling to even technically make this happen: getting a still inside a HEVC
Unless: iCloud for windows presumes windows can’t play HEVC and tries to encode it as H.264 it and that’s where we got the data leaking during that encode phase.
That’s a leap and would also explain why only windows client was affected.
Go read the thread I linked. The account was called out as new. Multiple accounts actually. Also VLC was being used to view videos from an iPhone on Windows which does not have the same built in codecs as the Mac.
That thread was linked in the article. I can find no other evidence, anywhere. Yes I am questioning this because of the lack of evidence as should everyone.
I have a @mac.com account so I have been using this service for a long time now. Never on Windows but all I use Windows for these days is gaming.
You are right that iCloud has had a bumpy road. The .me days were bad. That said I have also have a hotmail account since before Microsoft bought them. The cloud storage from Microsoft (Live drive, Skydrive, OneDrive) has had an equally bumpy road.
I consider both to be solid now and I do own both. I only use OneDrive on both Mac and Windows but I only use it for documents. I use iCloud mainly for photos and the syncing from iPhone to cloud to iPad/Mac/TV is really good and fast. I have tried photos from an iPhone syncing through the OneDrive app on the phone to their cloud and down to Windows photos and that is a clunky, way less than ideal process but it does work provided you keep the OneDrive app open on your phone and the Windows photo app does not crash and needs “Repairing” as it often does.
On Windows if I want to see my iCloud Photos (very rare) I have created a PWA using Edge pointed at the iCloud Photos web page. It works fine and I do not have to install the iCloud software on my Windows gaming monster machine.
I also call horse manure on this one. It's the only fair thing to do to question this, as there's absolutely no evidence except for those 2-3 isolated cases which happened to show up all at the same time, all with new accounts.
And even if it was true, there are so many possibilities as to what's going on here, that it's absurd to call out Apple on it. I actually see some Windows virus as more likely to trigger such a behavior, rather than a server-side iCloud bug which would affect millions of customers for sure.
If you have ever used the Windows photo app in Windows 10 and now 11 you would know what complete piece of garbage it is. I have helped a few friends with it over the years. If often will start to crash all the time. To fix it you can try to “repair “ it, since it is a Store app, then uninstall it and reinstall it and finally really uninstall it via power shell and install it again.
Also on Windows 11 at least it was recently significantly over hauled with 22H2 in October. They dropped the video editing part, dropped albums and……..created the hook for the new iCloud Photos plugin. The video editing part was replaced with a subscription app called “Clipchamp”.
So yes many possibilities here. Especially when you consider that the photos app on Windows was just overhauled to incorporate this new iCloud plugin. That and the horrible track record of the photos app.
Many Windows users begged Microsoft to bring back Windows Live Photos and Movie maker as they worked and had way more features than the current apps that came with Windows 10/11.
Apple’s fault and you blame windows issue. Nice.
Windows security is shocking nobody should be surprised.
Actually I'm a certified systems administrator with 50 years of computing experience.
Ok, Windows security may suck, but this has nothing to do with Windows.
hearsay of a security breach is not the same as a security breach.
Assuming it's a lie is bad. (you know what they say about assuming)
Agreed it's not proven, but it's not been disproven either, and one should always take security seriously. Hearsay is enough to change security practices to mitigate a threat if your job is security. If we mess up and don't take it seriously, it costs the companies we work for money, and probably our jobs.
Did you ever see the video of the user who had access to many different notes from different users on iCloud.com?
I am unsure if that was even proven, but how would you prove it unless Apple admitted it, and that is unlikely to occur unless many users notice it. Can you explain to me how a windows virus would be able to trick apple servers into providing other peoples data?
Lets just say you are correct and a windows virus somehow was able to do this, it still falls on Apple because their servers contain the data and their servers are dishing out the data incorrectly, virus or no virus the liability is on Apple. I do not see anyway Microsoft would be involved, if for example there was some kind of MS database shared with Apple in relation to the iCloud for windows app, and that had been breached, perhaps in that scenario, but as far as I know, no such database exists, nothing is shared between Apple and Microsoft in relation to this software. It all happens on the Apple server, the windows software just acts as a doorway between the user and the server. The key is made by Apple, the door is made by Apple. Windows is just empty space for Apple to build the station. You would not complain to the landlord about a faulty product you bought from a store based in his building. You would go to the store.
Last edited:
Unless it’s fully end to end encrypted, it’s not 100% secure. This is like having your house locked, but Tim Cook also has a copy of your door key. You have to trust Tim to properly secure your key and trust that he won’t do anything unauthorized.
I use iCloud and love it but you have to understand what it is.
I use iCloud and love it but you have to understand what it is.
We only typically respond to solid guidance from reputable reporting agencies, but I guess everybody has their own methods.
The EU, USA and China are the reasons why your data isn’t 100% secure. Governments want to be able to access what you’re doing so in order to give them that access you’re going to lose a little bit of security. The EU or any government is not going to push Apple into full into end encryption. Sorry, but this isn’t the time governments are going to come to the rescue.
Wonder if cheaters that were caught would try to use the breach to their advantage and say there's an iCloud issue
Found this on Reddit privacy, so it appears the issue (random photos appearing) has existed in some form since 2012. Various updates over the decade.
discussions.apple.com
Although some of the scenarios were due to WhatsApp, some could not be explained.
icloud someone else's photo - Apple Community
Although some of the scenarios were due to WhatsApp, some could not be explained.
By applying reasoning. That windows application’s sole function is to handle user authentication and download data belonging to the user to windows PC. How a downloader downloading random stuff from a server has anything to do with windows being bad?
Yes, if you love to speculate, you can just say that downloader program is coded in a janky manner, or the download is not handled properly by the program. But then, the downloader is not the one sending data. Server sends the data to the downloader based on request. If the server sends garbage, then downloader receives garbage. Simple as that.
As such, the Issue outlined in OP has nothing to do with windows.
If you still don’t believe me, feel free to move on. I’m fine either way.
That's an awfully slow way of dealing with something like a zero day exploit. Your risk to take...