Apple Reportedly Patches XSS Vulnerability on iCloud's Website - MacRumors
Skip to Content

Apple Reportedly Patches XSS Vulnerability on iCloud's Website

In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's ‌iCloud‌ website.

24330f3b719ded3a3092a6ff695d8a34

According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the ‌iCloud‌ website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.

Given the vulnerability revolved around the ‌iCloud‌ website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.

Popular Stories

iOS 26

iOS 26.4.1 Includes These Two Changes for iPhones

Wednesday April 8, 2026 7:17 pm PDT by
Apple has released a minor iOS 26.4.1 update for the iPhone 11 and newer. While the release notes for the update only mention unspecified "bug fixes," we have since learned about two specific changes that are included in it. First, 9to5Mac spotted an Apple Developer Forums thread suggesting that iOS 26.4.1 fixes an iOS 26.4 bug that affected iCloud syncing in some apps. Second, an...
macOS 27 on MacBook Pro

macOS 27 Will Mark the End of an Era

Saturday April 18, 2026 6:45 am PDT by
During its Platforms State of the Union segment at WWDC 2025, Apple revealed that macOS 26 Tahoe is the final major macOS version for Intel-based Macs. The upcoming macOS 27 release will be compatible with Apple silicon Macs only, meaning that you will need a Mac with an M-series chip or a MacBook Neo with an A18 Pro chip in order to install the software update. macOS 27 should be available...
macworld iphone 18 pro colors

iPhone 18 Pro's Four Rumored Colors Revealed, Including 'Dark Cherry'

Friday April 17, 2026 3:50 am PDT by
A source said to be familiar with Apple's supply chain today revealed the color options Apple is planning for the iPhone 18 Pro, iPhone 18 Pro Max, and the upcoming foldable iPhone. Image via Macworld. The information comes from Macworld, which says the signature new color for this year's Pro models will be Dark Cherry, a deep wine-like red. While other sources had previously reported on a...

Top Rated Comments

Razorpit Avatar
67 months ago
Good thing no one ever shares a Pages or Keynote document on iCloud. Could have been catastrophic! 😉
Score: 8 Votes (Like | Disagree)
67 months ago

I joke about their usage in the real world, but I use Pages and Numbers regularly. It just feels like I'm the only one.
I use them exclusively. They work fine for local content creation and I just export to doc/excel when I need to share.
Score: 5 Votes (Like | Disagree)
67 months ago

Good thing no one ever shares a Pages or Keynote document on iCloud. Could have been catastrophic! 😉
Maybe it would of been fixed faster if Apple made pages a real competitor to Docs and Word
Score: 4 Votes (Like | Disagree)
Razorpit Avatar
67 months ago

Maybe it would of been fixed faster if Apple made pages a real competitor to Docs and Word
I joke about their usage in the real world, but I use Pages and Numbers regularly. It just feels like I'm the only one.
Score: 3 Votes (Like | Disagree)
67 months ago

Good thing no one ever shares a Pages or Keynote document on iCloud. Could have been catastrophic! 😉
Fantastically analyzed.
Score: 2 Votes (Like | Disagree)
67 months ago
I forgot Apple even had a web based interface for Pages etc. I wonder how many people use it? How much does Apple spend maintaining this?

I actually love Pages and Numbers, but I only use them via the apps.
Score: 1 Votes (Like | Disagree)