Many people turn to Apple products because of the perceived notion that they are inherently more secure than PC and Android devices; unfortunately, that is not always the case.  A recent Apple security loophole has surfaced that has put thousands of users on the receiving end of numerous spam campaigns.   Here, we will look at what is going on as well as a couple things you can do prevent the problem.

A few nights ago I first noticed a string of notices on my personal iPad calendar.  Typically, the calendar app is not something I use or pay much attention to, but after receiving three popup notices within an hour I took notice.  At first glance, I assumed the notices had simply been sent in error.  I deleted them and didn’t think any more of it.  That is, until the following day when my entire calendar was overrun with sales notices, most of which were from foreign senders.

The problem lies with iCloud.com or rather, a user’s automatically generated email account.  The invite spam is sent to a user’s email account and automatically converted into in-app push notifications that are part of both iOS and macOS.  This exploit takes advantage of what is supposed to be a helpful feature.  Emails that contain important dates are automatically scanned and presented to a user so they don’t forget.  The problem is the system does not police itself for abuse and is easily exploited.

If you are one of the many people who are receiving these notices the most important thing to remember is to NOT accept OR decline the invitations.  Either choice will send back a notice to the spammer and inform them that they have found an active email account.  This will open you up to further spam and harassment.  You should also be warry about following any links contained within the notices.  Instead, here are a few options that will offer temporary relief until Apple is able to fix the underlying problem.

Prevent Spam from Going to Your Calendar

  1. Login to iCloud.com. You can do this from your Apple device or any other computer, but make sure you use your primary Apple credentials.
  2. Once you are signed in you should see a bunch of Apple style icons. Click on Calendar.
    icloud

    iCloud interface as viewed from a PC.

  3. On the lower left hand side, click on the Gear icon and then choose preferences.
  4. From here choose the Advanced Tab and look for Invitations. Choose the option to email invites instead of using In-app notifications.  This should prevent future spam.