Click to Skip Ad
Closing in...

Does Apple have another major iCloud security issue on its hands?

iCloud Saves Unsaved Mac Files

After having to deal with the iCloud-related Nudegate scandal, stop the Chinese iCloud attacks, and reassure users that its cloud has not been hacked, Apple might have a new iCloud problem to deal with, as various people report that Apple is silently uploading unsaved documents to iCloud after a Mac is updated to Yosemite.

FROM EARLIER: Here’s how to make sure your iCloud data is safe from hackers

Detailed by Slate‘s Yael Grauer and Datavibe’s Jeffrey Paul, the issue isn’t really new, as it’s simply the result of various features added to OS X over the years, but it’s not clearly explained to the user either.

Until Yosemite rolled out, Mac users were able to open various docs in apps on their devices, including TextEdit, Preview, Pages, Numbers and Keynote, populate them with content and close them without saving. OS X would save their contents and bring them up later when the same apps were opened. But starting with Yosemite, those unsaved files have also been sent to iCloud so that users can access them on other devices, thus making Continuity/Handoff possible.

For some, the feature may be a great one. But others aren’t so thrilled because Apple isn’t expressly saying this happens.

“It’s a behavior nobody expects,” Johns Hopkins University Information Security Institute applied cryptography teacher and researcher Matthew D. Green told Slate. “I’m fine with things that I haven’t saved being stored on the hard disk. I’m OK with that. I think it’s a nice feature. But things that I haven’t explicitly put on in the Cloud getting snuck onto the Cloud is a bizarre feature.”

“I’m baffled as to why people don’t think it’s a big deal,” Green added. “It’s a big deal to me.”

There are ways to prevent this from happening — by going to System Preferences > iCloud > Documents & Data, or by saving a document locally instead of keeping it unsaved — but that might not be enough for those people who are worried that their drafts containing potentially sensitive information might have already been silently uploaded to the cloud.

For more details on the matter, check out the source links below.