Apple Reportedly Patches XSS Vulnerability on iCloud's Website

In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.


According to Bharad, the vulnerability could be exploited by creating a Pages or Keynote document on the iCloud website with the XSS payload in the name field. Sharing the document with another user, making a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.

Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
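The flaw described above is a stored XSS: a user-supplied document name is saved and later written into a page without encoding. The following added example (not Apple's code or the researcher's; the record fields and function names are hypothetical) contrasts that rendering pattern with output encoding, plus a check that flags markup introduced by a stored name.

```javascript
// Constructed sample: version records for a shared document. The first name
// field carries markup, standing in for the payload the report describes.
const versions = [
  { docName: '"><img src=x onerror=alert(1)>', editor: 'alice', savedAt: '2020-08-07T10:00:00Z' },
  { docName: 'Q3 plan', editor: 'bob', savedAt: '2020-08-07T11:30:00Z' },
];

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so it can close the attribute and open new elements.
function renderVersionsUnsafe(list) {
  const items = list.map((v) => `<li title="${v.docName}">${v.docName} (${v.editor})</li>`);
  return `<ul>${items.join('')}</ul>`;
}

// Hardened pattern: every stored value is encoded at the point of output.
function renderVersionsSafe(list) {
  const items = list.map((v) => {
    const name = escapeHtml(v.docName);
    return `<li title="${name}">${name} (${escapeHtml(v.editor)}, ${escapeHtml(v.savedAt)})</li>`;
  });
  return `<ul>${items.join('')}</ul>`;
}

// Regression check: list element names in the output that the template
// itself never emits. Anything returned here came from stored data.
function unexpectedTags(html, allowed = ['ul', 'li']) {
  const found = [...html.matchAll(/<([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
  return [...new Set(found.filter((tag) => !allowed.includes(tag)))];
}

console.log('unsafe render introduces:', unexpectedTags(renderVersionsUnsafe(versions)));
console.log('safe render introduces:  ', unexpectedTags(renderVersionsSafe(versions)));
```

A check like `unexpectedTags` fits in a unit test for any view that displays user-chosen names, including rarely visited ones such as a version-history list.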

Top Rated Comments

Razorpit
12 months ago
Good thing no one ever shares a Pages or Keynote document on iCloud. Could have been catastrophic!
Score: 8 Votes
locovaca
12 months ago

I joke about their usage in the real world, but I use Pages and Numbers regularly. It just feels like I'm the only one.
I use them exclusively. They work fine for local content creation and I just export to doc/excel when I need to share.
Score: 5 Votes
wfulle
12 months ago

Good thing no one ever shares a Pages or Keynote document on iCloud. Could have been catastrophic!
Maybe it would have been fixed faster if Apple made Pages a real competitor to Docs and Word
Score: 4 Votes
Razorpit
12 months ago

Maybe it would have been fixed faster if Apple made Pages a real competitor to Docs and Word
I joke about their usage in the real world, but I use Pages and Numbers regularly. It just feels like I'm the only one.
Score: 3 Votes
sdz
12 months ago

Good thing no one ever shares a Pages or Keynote document on iCloud. Could have been catastrophic!
Fantastically analyzed.
Score: 2 Votes
wfulle
12 months ago

I joke about their usage in the real world, but I use Pages and Numbers regularly. It just feels like I'm the only one.
I might actually try them again because I really do like the simplicity and maybe it's gotten better.
Score: 1 Votes
