Experts specializing in cybersecurity have detected a number of potential concerns associated with the iCloud Keychain feature in the latest versions of iOS 17 and macOS Sonoma.
· When you update your device, iCloud Keychain may automatically turn on, even if it was previously turned off.
· If a feature has been enabled and then the user disables it, additional questions arise about data retention.
The iCloud Keychain feature appeared in iOS 7 and OS X Mavericks. This is a feature that stores passwords and credit card data in iCloud, ensuring they are available on all Apple devices. All information is end-to-end encrypted, and even Apple does not have access to user credentials or payment details.
Researchers from the Mysk company reported that some users who did not use iCloud Keychain, after the update, this function was activated by itself.
Users who have updated to iOS 17, iPadOS 17, or macOS Sonoma and have not previously synced Passwords & Keys with iCloud should check their settings and make sure Keychain Access is disabled.
If you disable iCloud Keychain, your data may remain on Apple servers. According to the company:
· If a user signs out of an iCloud account with iCloud Keychain enabled, they will be prompted to keep or delete their keychain information.
· In the past, there was a possibility to forcefully delete data from iCloud servers. However, this capability is now linked to the newly introduced “Family Passwords” feature, which enables users to share login credentials with trusted contacts.
All users are recommended to pay attention to their device settings after the update and make sure their data is saved in the cloud. Whether this is a bug, or Apple for some reason deliberately decided to activate Keychain for all its users, is still unknown.
CyberSec84 | Cybersecurity news. 
Leave a comment