Pyntax

Aggregating the Future

APPLE

Apple Reportedly Patches XSS Vulnerability on iCloud's Website

BySami Fathi

Feb 22, 2021

MAC ROUMORS

In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple’s ‌iCloud‌ website.

According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the ‌iCloud‌ website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking “Browse All Versions” under Settings would have triggered the XSS payload.

Given the vulnerability revolved around the ‌iCloud‌ website, it’s not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We’ve reached out to Apple for comment and we’ll update if we hear back.

Tags: security, iCloud

This article, "Apple Reportedly Patches XSS Vulnerability on iCloud's Website" first appeared on MacRumors.com

Discuss this article in our forums

Source: MAC ROUMORS

By Sami Fathi

Related Post

APPLE ios iPad iPhone Mac Rumors

Apple Explains Why You Should Buy a Mac

May 21, 2021 Juli Clover
APPLE ios iPad iPhone Mac Rumors

PopSockets MagSafe-Compatible PopGrips and PopWallets Now Available for Purchase

May 20, 2021 Juli Clover
APPLE ios iPad iPhone Mac Rumors

Pok Pok Playroom is a Beautiful New Kids App From Makers of Alto's Adventure

May 20, 2021 Joe Rossignol

You missed

Uncategorized

Teslas made in Texas will likely have to leave the state before Texans can buy them

May 30, 2021 A Word From Our Sponsor
Uncategorized

MagSafe used to fish out iPhone 12 Pro dropped in canal

May 30, 2021
Uncategorized

Wacom Cintiq Pro 24 Touch review: Beautiful but needs improvement

May 30, 2021
Uncategorized

Google made it hard for users to keep location data private

May 30, 2021