In a sophisticated new cyberattack, hackers have reportedly found a way to abuse the invitation feature of iCloud Calendar to send phishing emails directly from Apple’s servers. The exploit bypasses traditional spam filters and email security protocols, causing malicious links and junk invites to land directly in users’ inboxes and calendars. The alarming vulnerability has created a new challenge for users and cybersecurity experts, as it leverages the inherent trust in Apple’s infrastructure to deliver its payload.
The attack works by exploiting the calendar invitation system, which is designed to allow users to easily invite others to events. Cybercriminals are sending thousands of junk invites that, when accepted, automatically add fraudulent events to the user’s calendar. The events often contain links to phishing websites or other malicious content. Because the invitations are routed through Apple’s trusted servers, they are not flagged as spam by email providers like Gmail, Yahoo, or Outlook.
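Because the sending server's reputation does not help here, a mail gateway or mailbox rule has to look at the invite itself. The following is an added example, not code from Apple or from the researchers cited: it assumes the invite arrives as an iCalendar (RFC 5545) body, and the sample invite, the `known_senders` list and the verdict names are all constructed for illustration.

```python
import re

# Constructed sample invite (not from a real campaign); the DESCRIPTION line is folded.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "METHOD:REQUEST\r\n"
    "BEGIN:VEVENT\r\n"
    "ORGANIZER;CN=Billing Team:mailto:billing@unknown-sender.example\r\n"
    "SUMMARY:Payment receipt\\, action required\r\n"
    "DESCRIPTION:Your account was charged. Dispute it at https://pay.exam\r\n"
    " ple.invalid/refund\\nor call support.\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
TEXT_PROPS = {"SUMMARY", "DESCRIPTION", "LOCATION", "URL"}

def unfold(ics):
    # RFC 5545 3.1: a line break followed by a space or tab continues the previous line.
    return re.sub(r"\r?\n[ \t]", "", ics).splitlines()

def unescape(value):
    # RFC 5545 TEXT escapes (\n, \, \; \\); without this a URL would swallow "\n...".
    return re.sub(r"\\([nN,;\\])", lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def triage_invite(ics, known_senders):
    """Return organizer, embedded links and a verdict for the first VEVENT."""
    organizer, links, in_event = None, [], False
    for line in unfold(ics):
        # Simplification: assumes no quoted parameter value contains a colon.
        head, _, value = line.partition(":")
        name = head.split(";", 1)[0].upper()
        if name == "BEGIN" and value.upper() == "VEVENT":
            in_event = True
        elif name == "END" and value.upper() == "VEVENT":
            break
        elif not in_event:
            continue
        elif name == "ORGANIZER":
            organizer = re.sub(r"(?i)^mailto:", "", value).strip().lower()
        elif name in TEXT_PROPS:
            links += URL_RE.findall(unescape(value))
    unknown = organizer not in {s.lower() for s in known_senders}
    # Hypothetical policy: unknown organizer plus a link is held back from the calendar.
    verdict = "quarantine" if unknown and links else "review" if unknown else "allow"
    return {"organizer": organizer, "links": links, "verdict": verdict}
```

The check keys on the organizer and the event text rather than on the relaying mail server, so it still applies when the message passes sender authentication.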
Apple has not yet issued an official statement on the matter, but reports from security researchers and affected users are widespread. The issue highlights a critical weakness in how legitimate, trusted services can be weaponized for malicious purposes. Unlike standard email spam, which can be easily filtered or blocked, a calendar invitation is seen as an action, not a message, making it difficult to filter automatically.
For users, the primary defense is awareness. Security experts advise against interacting with any suspicious calendar invites. Do not accept, decline, or click on any links within them. The best course of action is to delete the event without responding. While this can be a tedious process for those targeted by large-scale campaigns, it prevents the scammers from confirming that an email address is active. Until a technical solution is implemented, users are on high alert for this new, insidious form of social engineering. The incident serves as a crucial reminder that even the most secure platforms can have vulnerabilities that are exploited by determined hackers.