
Apple pays $5,000 bug bounty for iCloud XSS bug discovery

A security researcher from India was awarded $5,000 by Apple via its bug bounty program after discovering a cross-site scripting (XSS) flaw in iCloud. Apple has since patched the issue. The vulnerability found by Vishal Bharad involved creating a file in Pages or Keynote on the iCloud website, part of Apple’s iWork bundle. The file was created with a specific name that contained the desired XSS payload. After sending the file to another user or collaborating with them, the attacker then had to make changes to the document and save it, the researcher advised in a blog post. Changing “Browse All Versions” in Settings then triggers the running of the XSS payload on the other user’s device.
Source: Apple Insider News and Secrets on New Apple Products
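
The flaw class described above is a stored XSS: a file name chosen by one user is later rendered as markup in another user's version-history view. The following is an added example, not Apple's code and not taken from the researcher's write-up; it shows a hypothetical version-list renderer in its unescaped form beside an output-encoded one, and every function name and the sample document are assumptions.

```javascript
"use strict";

// Hypothetical version-history renderer (illustration only, not iCloud code).
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the user-controlled document name is concatenated
// straight into markup, in both an attribute and an element body.
function renderVersionsUnsafe(doc) {
  const rows = doc.versions
    .map((v) => `<li>${doc.name} (saved ${v})</li>`)
    .join("");
  return `<ul title="${doc.name}">${rows}</ul>`;
}

// Hardened form: every untrusted field is encoded at the point of output,
// so the name is displayed as text no matter what characters it contains.
function renderVersionsSafe(doc) {
  const name = escapeHtml(doc.name);
  const rows = doc.versions
    .map((v) => `<li>${name} (saved ${escapeHtml(v)})</li>`)
    .join("");
  return `<ul title="${name}">${rows}</ul>`;
}

// Constructed sample: a shared document whose name carries markup.
const sharedDoc = {
  name: '"><img src=x onerror=alert(1)>',
  versions: ["v1", "v2"],
};

console.log("unsafe:", renderVersionsUnsafe(sharedDoc));
console.log("safe:  ", renderVersionsSafe(sharedDoc));
```

In a browser, assigning the name through `textContent` rather than building HTML strings gives the same protection without a hand-written encoder.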
