In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.
According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the iCloud website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.
Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
Wednesday January 12, 2022 2:23 pm PST by Juli Clover
iOS 15.2 did not introduce a bug that turned iCloud Private Relay off for some users, Apple said in a statement that was provided to MacRumors. The statement was in response to a T-Mobile claim that iOS 15.2 had automatically toggled the iCloud Private Relay feature off for some users.
iCloud Private Relay is an innovative internet privacy service that allows users with an iCloud+ subscription ...
Major EU mobile operators are reportedly looking for Apple's iCloud Private Relay service to be outlawed because it allegedly infringes upon EU "digital sovereignty," according to a report from The Telegraph.
iCloud Private Relay was a feature announced with iOS 15 that encrypts data so that neither Apple nor a third-party can see users' browsing activity in Safari. With iCloud Private Rely...
Friday December 10, 2021 2:32 am PST by Tim Hardwick
Mozilla has released Firefox 95, featuring a new version of its security sandboxing subsystem called RLBox, and additional performance and efficiency improvements for the macOS version of the web browser. According to the release notes, RLBox is a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries. The sandbox subsystem works by...
Wednesday November 10, 2021 11:07 am PST by Juli Clover
Apple today introduced a major update to iCloud for Windows, bringing the version number for the software to 13. Apple has added support for Apple ProRes videos and Apple ProRAW photos, so files in these formats can now be accessed from Windows PCs via iCloud.
All participants of an iCloud Drive shared file or folder are now also able to add or remove people, and Apple has introduced support ...
Sunday January 16, 2022 3:37 pm PST by Joe Rossignol
A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS.
In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session....
Tuesday January 11, 2022 12:02 pm PST by Juli Clover
T-Mobile has not disabled iCloud Private Relay for its subscribers, in contrast to recent reports suggesting the carrier was preventing iPhone users from enabling the feature.
In a statement to Bloomberg's Mark Gurman, T-Mobile said that iOS 15.2 device settings that default to the feature being toggled off, and that Apple has been contacted. T-Mobile explicitly says that iCloud relay has...
Thursday February 17, 2022 11:50 am PST by Juli Clover
Following the release of iOS 15.3.1 on February 10, Apple has stopped signing iOS 15.3, the previously available version of iOS that came out in late January. Because iOS 15.3 is no longer being signed, it is not possible to downgrade to that version of iOS if you've updated to iOS 15.3.1.
Apple routinely stops signing older versions of software updates after new releases come out in order...
Apple plans to merge its iCloud Documents and Data service with iCloud Drive starting in May of 2022, according to a support document published late last week (via MacGeneration).
iCloud Drive and iCloud Documents and Data share the fundamental ability to backup data from apps. However, iCloud Documents and Data was often a cumbersome, confusing experience. In contrast, iCloud Drive is more...
Although Black Friday is now technically over, many Apple products are still seeing major discounts through the weekend as we head into Cyber Monday. In this article, you'll find every Apple device with a notable Black Friday sale that's still available. We'll be updating as prices change and new deals arrive, so be sure to keep an eye out if you don't see the sale you're looking for yet.
Note:...
Cellular carriers have always offered big savings on the newest iPhone models during the holidays, and Cyber Monday is no different. We're tracking notable offers on the iPhone 14 and iPhone 14 Pro devices from AT&T, Verizon, and T-Mobile. For even more savings, keep an eye on older models like the iPhone 13.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a...
Friday November 25, 2022 3:33 am PST by Tim Hardwick
Nothing Phone 1 users today began receiving the Nothing OS 1.1.7 update, which adds support for displaying the battery percentage of connected AirPods, amongst other improvements and bug fixes.
If you own a Nothing Phone 1, you can check for the OTA update by going to Settings -> System -> System updates. Bear in mind that as support for displaying AirPods battery level is still an...
Cyber Monday deals have been in full swing since Black Friday deals ended, and we're seeing solid discounts on Apple devices. We're highlighting the best sales for all of Apple's product lines, and in this article you'll find the best Cyber Monday sales on iPad, iPad Pro, iPad Air, and iPad mini.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make ...
Friday November 25, 2022 2:58 am PST by Sami Fathi
An Apple engineer has addressed the lack of lossless audio support in the second-generation AirPods Pro in a new interview. Current Bluetooth technology in the AirPods lineup means that Apple's audio products do not support Apple Music Lossless audio. Apple has previously hinted that it may develop its own codec and connectivity standard that builds on AirPlay and supports higher quality...
The Black Friday and Cyber Monday holiday shopping rush is drawing to a close, but there are still some good deals to be had out there. For Apple products, many of the deals you've seen since last week are still available, though some have expired. So for anyone who missed out on Black Friday deals, there's still an opportunity to get some of the year's best prices on many Apple devices.
Note: ...
Monday November 28, 2022 6:11 am PST by Joe Rossignol
Apple today announced that the Oceanic+ app is available for the Apple Watch Ultra starting today. Designed by Huish Outdoors in collaboration with Apple, the app serves as a dive computer for recreational scuba diving at depths up to 40 meters/130 feet.
Apple already offers a basic Depth app on the Apple Watch Ultra for viewing your current depth, maximum depth reached, water temperature,...
While we already have some clear indications about what to expect from the fourth-generation iPhone SE, there are three major questions looming over the device at the current time.
Chinese site MyDrivers and and leaker Jon Prosser believe that the iPhone SE is set to move to an iPhone XR-like design in its next incarnation, which would involve eliminating the Home button and adding a "notch" ...
Top Rated Comments