In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.
According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the iCloud website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.
Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
Following today's release of iOS 14.5.1 and last week's release of iOS 14.5, Apple has stopped signing iOS 14.4.2, the previously available version of iOS 14 released on March 26. With iOS 14.4.2 no longer being signed, it is not possible to downgrade to iOS 14.4.2 from iOS 14.5 or iOS 14.5.1 if you've already updated your iPhone or iPad.
Apple routinely stops signing older versions of...
A ransomware group that last week stole schematics from Apple supplier Quanta Computer and threatened to release the trove of documents has mysteriously removed all references related to the extortion attempt from its dark web blog, MacRumors can confirm.
The ransomware group known as REvil claimed last Tuesday that it had accessed the internal computers of Taiwan-based Quanta and managed to ...
Wednesday February 3, 2021 10:56 am PST by Juli Clover
Several of Apple's services are experiencing an outage at the current time, with Apple noting service interrupts for iCloud Backup, iCloud Drive, iCloud Notes, iCloud Storage Upgrades, and Photos on its System Status page.
The issue has been ongoing since approximately 10:13 a.m. Pacific Time. Apple says that users may be unable to use these services during the outage, so features like...
The App Store and Mac App Store are currently experiencing an outage, according to Apple's System Status page. Apple says that App Store services could be slow or unavailable for some users, with the problem starting at 10:05 a.m. Pacific Time.
Other services like iCloud Drive, iCloud Mail, and iMessage are also listed as experiencing issues, with some users unable to access Apple's...
If you're low on iCloud storage but want to buy a new device and transfer your data, Apple is making the process easier in iOS 15 with a temporary storage boost.
Apple says that the new feature will grant you as much storage as you need to complete a temporary backup for up to three weeks, letting users transfer their apps, data, and settings to a new device using iCloud even when there's an ...
At WWDC, Apple announced that iCloud is getting a premium subscription tier called "iCloud+," which includes "Private Relay" that allows users to browse the web through Safari with all information leaving their device remaining encrypted and access to "Hide My Email." One of the headlining features for iCloud+ is Private Relay, which, similarly to a VPN, ensures that all traffic leaving a...
Starting with iOS 15 and iPadOS 15, which will be publicly released in the fall, security cameras and video doorbells that support HomeKit Secure Video can now detect and notify you when a package has been delivered.
HomeKit Secure Video, available on iOS 13.2 and later, leverages iCloud to securely stream and store video clips from compatible HomeKit-enabled indoor and outdoor cameras and...
Apple today released a new version of Safari 14.1 for macOS Catalina and macOS Mojave users, with the update introducing fixes for two WebKit vulnerabilities that were patched in macOS Big Sur yesterday.
Apple's support document for the updated Safari release confirms that it addresses the same WebKit memory corruption issue and an integer overflow bug for users of older versions of macOS. ...
Continuing the tradition set with the iPhone 13 Pro, only the highest-end iPhone 14 models will feature Apple's ProMotion display technology, according to a respected display analyst.
Ross Young, who on multiple occasions has detailed accurate information about Apple's future products, said in a tweet that ProMotion will not be expanded to the entire iPhone 14 lineup and will remain...
Apple's second-generation AirPods Pro could arrive alongside a new series of accessories, recent leaked images suggest.
Alleged leaked photos of the next-generation AirPods Pro obtained by MacRumors showed a charging case with a metal loop on the side for attaching a strap. Apple has not used this design for any of its other AirPod models and it is unclear why it would be added in this...
Saturday January 15, 2022 2:06 pm PST by Tim Hardwick
Much has been said about what consumers could see from Apple in 2022, but the company is also working on a handful of rumored products that aren't expected to be unveiled for at least another 12 months, and in some cases a lot longer. Of course, that's assuming they get released at all. Apple works on many potential products some of which ultimately never see the light of day. With that in...
Sunday January 16, 2022 3:37 pm PST by Joe Rossignol
A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS.
In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session....
Saturday January 15, 2022 8:05 pm PST by Joe Rossignol
Apple is planning to release a fifth-generation iPad Air with similar features as the sixth-generation iPad mini, including an A15 Bionic chip, 12-megapixel Ultra Wide front camera with Center Stage support, 5G for cellular models, and Quad-LED True Tone flash, according to Japanese blog Mac Otakara.
Citing reliables sources in China, the report claims that the new iPad Air could be...
Friday January 14, 2022 12:46 pm PST by Juli Clover
Netflix today updated the prices for its streaming plans, and all of its offerings are now more expensive. The Basic plan is now priced at $9.99 per month, the Standard plan is priced at $15.49 per month, and the Premium plan is priced at $19.99 per month.
The Basic plan is $1 more expensive, up from $8.99 per month. This plan allows users to watch on just one screen at a time, and it limits ...
Hole-punch? Pill? Hole-punch and pill? Rumors about what the front camera system on the iPhone 14 Pro will look like are evolving rapidly, and it now appears we might be getting a novel but potentially controversial design later this year.
Other major stories this week included some confusion and controversy about iCloud Private Relay being disabled for some T-Mobile customers, increasing...
Friday January 14, 2022 7:02 am PST by Joe Rossignol
Apple is rumored to announce four new iPhone 14 models in September, and ahead of time, analyst Jeff Pu has outlined his expectations for the devices.
In a research note with Haitong International Securities, obtained by MacRumors, Pu claimed that all iPhone 14 models will feature ProMotion displays, compared to only Pro models currently. ProMotion enables a variable refresh rate up to 120Hz ...
Top Rated Comments