In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.
According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the iCloud website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.
Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
Wednesday January 12, 2022 2:23 pm PST by Juli Clover
iOS 15.2 did not introduce a bug that turned iCloud Private Relay off for some users, Apple said in a statement that was provided to MacRumors. The statement was in response to a T-Mobile claim that iOS 15.2 had automatically toggled the iCloud Private Relay feature off for some users.
iCloud Private Relay is an innovative internet privacy service that allows users with an iCloud+ subscription ...
Major EU mobile operators are reportedly looking for Apple's iCloud Private Relay service to be outlawed because it allegedly infringes upon EU "digital sovereignty," according to a report from The Telegraph.
iCloud Private Relay was a feature announced with iOS 15 that encrypts data so that neither Apple nor a third-party can see users' browsing activity in Safari. With iCloud Private Rely...
Friday December 10, 2021 2:32 am PST by Tim Hardwick
Mozilla has released Firefox 95, featuring a new version of its security sandboxing subsystem called RLBox, and additional performance and efficiency improvements for the macOS version of the web browser. According to the release notes, RLBox is a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries. The sandbox subsystem works by...
Wednesday November 10, 2021 11:07 am PST by Juli Clover
Apple today introduced a major update to iCloud for Windows, bringing the version number for the software to 13. Apple has added support for Apple ProRes videos and Apple ProRAW photos, so files in these formats can now be accessed from Windows PCs via iCloud.
All participants of an iCloud Drive shared file or folder are now also able to add or remove people, and Apple has introduced support ...
Sunday January 16, 2022 3:37 pm PST by Joe Rossignol
A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS.
In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session....
Tuesday January 11, 2022 12:02 pm PST by Juli Clover
T-Mobile has not disabled iCloud Private Relay for its subscribers, in contrast to recent reports suggesting the carrier was preventing iPhone users from enabling the feature.
In a statement to Bloomberg's Mark Gurman, T-Mobile said that iOS 15.2 device settings that default to the feature being toggled off, and that Apple has been contacted. T-Mobile explicitly says that iCloud relay has...
Thursday February 17, 2022 11:50 am PST by Juli Clover
Following the release of iOS 15.3.1 on February 10, Apple has stopped signing iOS 15.3, the previously available version of iOS that came out in late January. Because iOS 15.3 is no longer being signed, it is not possible to downgrade to that version of iOS if you've updated to iOS 15.3.1.
Apple routinely stops signing older versions of software updates after new releases come out in order...
Apple plans to merge its iCloud Documents and Data service with iCloud Drive starting in May of 2022, according to a support document published late last week (via MacGeneration).
iCloud Drive and iCloud Documents and Data share the fundamental ability to backup data from apps. However, iCloud Documents and Data was often a cumbersome, confusing experience. In contrast, iCloud Drive is more...
iPhone 14 Pro models are widely expected to feature always-on displays that allow users to view glanceable information without having to tap to wake the screen. In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman said the feature will include support for iOS 16's new Lock screen widgets for weather, fitness, and more.
"Like the Apple Watch, the iPhone 14 Pro will be...
Benchmark testing has indicated that the 256GB variant of the 13-inch MacBook Pro with M2 chip offers slower SSD performance than its M1 equivalent, and now real-world stress testing by YouTuber Max Yuryev of Max Tech suggests that the 256GB SSD in the 13-inch MacBook Pro is also underperforming in day-to day-usage.
The M2 MacBook Pro with 256GB SSD and 8GB RAM was slower than the M1 MacBook ...
Following the launch of Apple's new 13-inch MacBook Pro with the M2 chip, it has been discovered that the $1,299 base model with 256GB of storage has significantly slower SSD read/write speeds compared to the equivalent previous-generation model.
YouTube channels such as Max Tech and Created Tech tested the 256GB model with Blackmagic's Disk Speed Test app and found that the SSD's read and...
In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman outlined additional M2 Macs on Apple's product roadmap, including new Mac mini models with M2 and M2 Pro chips, new 14-inch and 16-inch MacBook Pro models with M2 Pro and M2 Max chips, and a new Mac Pro tower with M2 Ultra and "M2 Extreme" chips.
Following the M2 series of Macs, Gurman said the first M3 series of...
TSMC will manufacture Apple's upcoming "M2 Pro" and "M3" chips based on its 3nm process, according to Taiwanese industry publication DigiTimes.
"Apple reportedly has booked TSMC capacity for its upcoming 3nm M3 and M2 Pro processors," said DigiTimes, in a report focused on competition between chipmakers like TSMC and Samsung to secure 3nm chip orders. As expected, the report said TSMC will...
With many customers choosing to upgrade their iPhone every two or three years nowadays, there are lots of iPhone 11 Pro users who might be interested in upgrading to the iPhone 14 Pro later this year. Those people are in for a treat, as three years of iPhone generations equals a long list of new features and changes to look forward to.
Below, we've put together a list of new features and...
Polish developer Michał Gapiński has released a new and improved version of his "Tesla Android Project" which brings Apple's CarPlay experience to more Tesla vehicles than ever before.
According to Gapiński, version 2022.25.1 provides "100% functional CarPlay integration for any Tesla," and comes with several new features and bug fixes.
The project now supports DRM video playback so that...
Apple today launched its annual "Back to School" promotion for college/university students in the United States and Canada. This year's promotion offers a free Apple gift card with the purchase of an eligible Mac or iPad, rather than free AirPods like last year. Apple is also offering students 20% off AppleCare+ plans during the promotion.
Apple is offering a $150 gift card with the purchase ...
Apple on May 16 released iOS 15.5 and iPadOS 15.5, bringing improvements for Podcasts and Apple Cash, the ability to see Wi-Fi signal of HomePods, dozens of security fixes, and more.
Top Rated Comments