Apple Reportedly Patches XSS Vulnerability on iCloud's Website

by

In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's ‌iCloud‌ website.

24330f3b719ded3a3092a6ff695d8a34

According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the ‌iCloud‌ website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.

Given the vulnerability revolved around the ‌iCloud‌ website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.

Tags: security, iCloud

Top Rated Comments

Razorpit Avatar
Razorpit
2 weeks ago
Good thing no one ever shares a Pages or Keynote document on iCloud. Could have been catastrophic! ?
Score: 8 Votes (Like | Disagree)
locovaca Avatar
locovaca
2 weeks ago

I joke about their usage in the real world, but I use Pages and Numbers regularly. It just feels like I'm the only one.
I use them exclusively. They work fine for local content creation and I just export to doc/excel when I need to share.
Score: 5 Votes (Like | Disagree)
wfulle Avatar
wfulle
2 weeks ago

Good thing no one ever shares a Pages or Keynote document on iCloud. Could have been catastrophic! ?
Maybe it would of been fixed faster if Apple made pages a real competitor to Docs and Word
Score: 4 Votes (Like | Disagree)
Razorpit Avatar
Razorpit
2 weeks ago

Maybe it would of been fixed faster if Apple made pages a real competitor to Docs and Word
I joke about their usage in the real world, but I use Pages and Numbers regularly. It just feels like I'm the only one.
Score: 3 Votes (Like | Disagree)
sdz Avatar
sdz
2 weeks ago

Good thing no one ever shares a Pages or Keynote document on iCloud. Could have been catastrophic! ?
Fantastically analyzed.
Score: 2 Votes (Like | Disagree)
wfulle Avatar
wfulle
2 weeks ago

I joke about their usage in the real world, but I use Pages and Numbers regularly. It just feels like I'm the only one.
I might actually try them again because I really do like the simplicity and maybe its gotten better.
Score: 1 Votes (Like | Disagree)
Read All Comments

Top Stories

imac pro featured black

Apple Confirms iMac Pro Will Be Discontinued When Supplies Run Out, Recommends 27-Inch iMac

Saturday March 6, 2021 7:33 am PST by
Apple on late Friday evening added a "while supplies last" notice to its iMac Pro product page worldwide, and removed all upgrade options for the computer, leaving only the standard configuration available to order for now. We've since confirmed with Apple that when supplies run out, the iMac Pro will no longer be available whatsoever. Apple says the latest 27-inch iMac introduced in August...
Read Full Article326 comments
bloodoxygenapplewatch

Apple Watch Series 7 to Gain Breakthrough New Health Feature

Friday March 5, 2021 5:34 am PST by
Apple is reportedly planning to bring a new, first-of-its-kind health technology to the Apple Watch Series 7, in what could be a breakthrough for managing conditions such as diabetes more easily. According to a recent report from ETNews, the Apple Watch Series 7 will feature blood glucose monitoring via a non-invasive optical sensor. Measuring blood glucose levels, also known as blood...
Read Full Article
Top Stories 48

Top Stories: iPhone 13 Leaks, OLED iPads and Macs, New AirTags Evidence

Saturday March 6, 2021 6:00 am PST by
iPhone rumors are heating up, with noted analyst Ming-Chi Kuo this week releasing a wide-ranging report outlining his expectations for the iPhone lineup over the next three years. This week also saw rumors about OLED displays potentially coming to iPad and Mac starting next year, increasing signs of AirTags functionality in iOS 14.5 betas, and more, so check out all of the details below! i...
Read Full Article57 comments
apple products refurbished store banner

Class Action Lawsuit Over Apple Providing Refurbished Replacement Devices Proceeding to Trial in August

Friday March 5, 2021 9:53 am PST by
Initially filed in 2016, a class action lawsuit that accuses Apple of violating the Magnusson-Moss Warranty Act, Song-Beverly Consumer Warranty Act, and other U.S. laws by providing customers with refurbished replacement devices is set to proceed to trial August 16, according to a notice this week from law firm Hagens Berman Sobol Shapiro LLP. Apple's repair terms and conditions state that,...
Read Full Article177 comments
Oled iPads and MackBook Pro

OLED 10.9-Inch iPad Rumored for Early 2022, 12.9-Inch iPad Pro and 16-Inch MacBook Pro Could Follow

Thursday March 4, 2021 8:37 pm PST by
Earlier today, DigiTimes shared a preview of an upcoming report claiming that Apple is working on both iPad and Mac notebook models with OLED displays that could launch starting in 2022. The full report from DigiTimes is now available, and it includes several new alleged details about Apple's plans. According to the report, the first of these devices to adopt an OLED display is likely to be...
Read Full Article110 comments
iPhone 13 Notch Feature2

iPhone 13 Rumor Recap: Smaller Notch, Larger Batteries, 120Hz for Pro Models, Improved 5G, Wi-Fi 6E, and More

Friday March 5, 2021 8:20 am PST by
While we are likely at least six months away from Apple unveiling the so-called iPhone 13 lineup, rumors about the devices are starting to accumulate, so we've put together this recap of everything that is expected so far. The upcoming iPhone 13 lineup will consist of the same four models and the same screen sizes as the iPhone 12 lineup, according to reputable analyst Ming-Chi Kuo,...
Read Full Article132 comments
imac pro while supplies last

iMac Pro No Longer Custom Configurable, Available 'While Supplies Last'

Friday March 5, 2021 10:14 pm PST by
Apple appears to be on the verge of discontinuing the iMac Pro, with the store page for the high-end all-in-one Mac including a "While supplies last" tagline and only the base model with no custom configurations available for purchase. The iMac Pro launched in December 2017, and while there have been a few tweaks to the available configurations over the years, it has received no substantial...
Read Full Article142 comments
hlh030121feafutureoffitness012 1614286673

A Look Inside Apple's 23,000 Square-Foot Fitness+ Studio

Friday March 5, 2021 10:59 am PST by
Apple Fitness+, the latest service to join the Apple family, integrates tightly with the Apple Watch to offer a comprehensive and growing selection of workout and exercise videos made by a team of professional trainers. Apple Fitness+ Studio (via Men's Health) Apple curates and records all of the videos at a location in Santa Monica, California, and each video features a similar background...
Read Full Article107 comments
maxresdefault

What's on Your iPhone Home Screen?

Thursday March 4, 2021 10:31 am PST by
Over on our YouTube channel, MacRumors videographer Dan has a new video up where he shares his Home Screen, wallpaper, and all of his current favorite widgets. Subscribe to the MacRumors YouTube channel for more videos. Check out Dan's video to see his setup, and then comment below and show us your own Home Screens. It's always fun to see other peoples' Home Screens, and with widgets and...
Read Full Article89 comments
microsoft edge vertical tabs

Microsoft Edge 89 Brings Vertical Tabs and New History View

Friday March 5, 2021 4:06 am PST by
Microsoft has officially released version 89 of its popular Chromium-based Edge browser, bringing its long-trialed vertical tabs feature to Mac for the first time. Vertical tabs are intended to make more efficient use of screen space, and should prove a welcome addition for users browsing on 16:9 ratio displays in particular. Users can click vertical tabs to switch between them and...
Read Full Article170 comments