In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.
According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the iCloud website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.
Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
Tuesday February 24, 2026 4:03 am PST by Tim Hardwick
Apple CEO Tim Cook was among a handful of top tech executives who attended a classified CIA briefing warning that China could attack Taiwan by 2027, according to a sweeping investigative report by The New York Times ($).
The previously unreported briefing was apparently held in a secure room in Silicon Valley in July 2023. The meeting is said to have been arranged at the request of the...
Wednesday February 25, 2026 5:37 am PST by Tim Hardwick
Apple has submitted production line orders for its upcoming foldable iPhone, effectively confirming that the device will launch this year, claims a Chinese leaker.
According to the Weibo account "Fixed Focus Digital," assembly lines recently received the orders from Apple, which has apparently allowed the leaker to learn the crease measurements for the device's 7.8-inch inner display....
Sunday February 22, 2026 9:48 am PST by Joe Rossignol
In his Power On newsletter today, Bloomberg's Mark Gurman said Apple will have a three-day stretch of product announcements from Monday, March 2 through Wednesday, March 4. In total, he expects Apple to introduce "at least five products."
Subscribe to the MacRumors YouTube channel for more videos.
A week ago, Apple invited selected journalists and content creators to an "Apple Experience" in...
