A security researcher from India was awarded $5,000 by Apple through its bug bounty program after discovering a cross-site scripting (XSS) flaw in iCloud. Apple has since patched the issue on iCloud.com.

The vulnerability found by Vishal Bharad involved creating a file in Pages or Keynote on the iCloud website, part of Apple’s iWork bundle. The file was created with a specific name that contained the desired XSS payload.

After sending the file to another user or collaborating with them, the attacker then had to make changes to the document and save it, the researcher advised in a blog post. Changing “Browse All Versions” in Settings then triggers the running of the XSS payload on the other user’s device.
Source: Apple Insider News and Secrets on New Apple Products

Apple pays $5,000 bug bounty for iCloud XSS bug discovery
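
The flaw described above is a stored XSS: a file name chosen by one user is saved and later written into a page shown to another user. The following is an added example, not code from the article, the researcher, or Apple; the version-list renderer, its field names, and the sample document are hypothetical and constructed. It shows the unencoded rendering beside a version that HTML-encodes the name.

```javascript
// Added example: hypothetical version-list renderer for a shared document.
// Function and field names are assumptions for illustration, not iCloud code.

// Constructed sample: the document name is chosen by its owner and carries
// harmless markup so the injection is visible without any script.
const sharedDoc = {
  name: 'Q3 report"><b id="injected">x</b>',
  versions: [
    { savedAt: "2021-02-01T10:00:00Z" },
    { savedAt: "2021-02-01T10:05:00Z" },
  ],
};

// Vulnerable form: the stored name is concatenated into HTML as-is, once in
// an attribute value and once as element text.
function renderVersionsUnsafe(doc) {
  const rows = doc.versions
    .map((v) => `<li title="${doc.name}">${doc.name} (${v.savedAt})</li>`)
    .join("");
  return `<ul class="versions">${rows}</ul>`;
}

// Encode the characters that are significant in HTML text and in quoted
// attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened form: every untrusted value is encoded at the point of output.
function renderVersionsSafe(doc) {
  const name = escapeHtml(doc.name);
  const rows = doc.versions
    .map((v) => `<li title="${name}">${name} (${escapeHtml(v.savedAt)})</li>`)
    .join("");
  return `<ul class="versions">${rows}</ul>`;
}

// Crude check: count opening tags of a given name in the generated markup.
function countTags(html, tag) {
  return (html.match(new RegExp(`<${tag}[\\s>]`, "g")) || []).length;
}

console.log("unsafe <b> tags:", countTags(renderVersionsUnsafe(sharedDoc), "b"));
console.log("safe   <b> tags:", countTags(renderVersionsSafe(sharedDoc), "b"));
```

In a browser, assigning the name through `textContent` or `setAttribute` instead of building HTML strings achieves the same result without manual encoding.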