In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.
According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the iCloud website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.
Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
Instagram will remove end-to-end encryption for direct messages between users from May 8, 2026. When the date comes around, Meta will potentially be able to see the contents of all messages between users on the social media platform.
Encrypting messages has been an optional feature in Instagram since 2023, but in March of this year the social media platform quietly updated a help page to say ...
Apple was not able to narrow the scope of a UK lawsuit accusing it of locking 40 million UK consumers into iCloud, to the detriment of third-party cloud storage providers. British consumer group Which? first filed the lawsuit in late 2024, and is asking for £3 billion for UK Apple customers.
Apple wanted to exclude non-paying iCloud users from the lawsuit, but the tribunal denied Apple's...
Starting as early as next week, customers who sign up for an Apple Card at Apple's retail stores in the U.S. will receive $249 cash back when they purchase AirPods Pro 3, according to Bloomberg's Mark Gurman. The promotion has yet to be officially announced by Apple, so exact terms and conditions are not available at this time.
AirPods Pro 3 are priced at $249 in the U.S., so customers who...
