In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.
According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the iCloud website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.
Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
In his Power On newsletter today, Bloomberg's Mark Gurman reiterated that iOS 27 will be similar to 2009's Mac OS X Snow Leopard, in the sense that one of Apple's biggest priorities is bug fixes for improved performance and stability.
During WWDC 2008's State of the Union, Apple showed a slide that said Mac OS X Snow Leopard had "0 new features," as it opted to focus on performance and...
Apple today unveiled AirPods Max 2, with key upgrades including the H2 chip, increased active noise cancellation, improved sound quality, and features such as Adaptive Audio, Conversation Awareness, Voice Isolation, and Live Translation.
The new AirPods Max have the same overall design as the previous generation, with most of the new features coming from the upgrade to the H2 chip:- Adaptive ...
Surprise! Apple today unveiled the AirPods Max 2, despite no rumors suggesting that a new version of Apple's over-ear headphones were imminent.
Key upgrades compared to the previous AirPods Max include Apple's H2 chip, increased active noise cancellation, improved sound quality, and features such as Adaptive Audio, Conversation Awareness, Voice Isolation, and Live Translation.
AirPods Max ...
