In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.
According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the iCloud website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.
Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
Last year, Apple launched CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. Nearly a year later, CarPlay Ultra is still limited to Aston Martin's latest luxury vehicles, but that should change fairly soon.
In May 2025, Apple said many other vehicle brands planned to offer CarPlay Ultra, including Hyundai, Kia, and Genesis.
CarPlay Ultra...
Bloomberg's Mark Gurman today revealed another iOS 27 change: notifications will slide in from the left side of the screen instead of from the top.
In addition, accessing Notification Center on iOS 27 will require swiping down on the top-left corner of the screen. If you swipe down on the Dynamic Island area, a new "Search or Ask" interface tied to the revamped Siri will appear, instead of...
Apple has several hardware releases in the pipeline, but will we see any of them unveiled at this year's Worldwide Developers Conference?
WWDC is primarily a software event where new versions of iOS, iPadOS, macOS, watchOS, tvOS, and visionOS take center stage, but it's not unusual for Apple to introduce new hardware during the developer conference. Take WWDC 2017, for example, where Apple...
