In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.
According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the iCloud website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.
Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
Following today's release of iOS 14.5.1 and last week's release of iOS 14.5, Apple has stopped signing iOS 14.4.2, the previously available version of iOS 14 released on March 26. With iOS 14.4.2 no longer being signed, it is not possible to downgrade to iOS 14.4.2 from iOS 14.5 or iOS 14.5.1 if you've already updated your iPhone or iPad.
Apple routinely stops signing older versions of...
A ransomware group that last week stole schematics from Apple supplier Quanta Computer and threatened to release the trove of documents has mysteriously removed all references related to the extortion attempt from its dark web blog, MacRumors can confirm.
The ransomware group known as REvil claimed last Tuesday that it had accessed the internal computers of Taiwan-based Quanta and managed to ...
Wednesday February 3, 2021 10:56 am PST by Juli Clover
Several of Apple's services are experiencing an outage at the current time, with Apple noting service interrupts for iCloud Backup, iCloud Drive, iCloud Notes, iCloud Storage Upgrades, and Photos on its System Status page.
The issue has been ongoing since approximately 10:13 a.m. Pacific Time. Apple says that users may be unable to use these services during the outage, so features like...
The App Store and Mac App Store are currently experiencing an outage, according to Apple's System Status page. Apple says that App Store services could be slow or unavailable for some users, with the problem starting at 10:05 a.m. Pacific Time.
Other services like iCloud Drive, iCloud Mail, and iMessage are also listed as experiencing issues, with some users unable to access Apple's...
If you're low on iCloud storage but want to buy a new device and transfer your data, Apple is making the process easier in iOS 15 with a temporary storage boost.
Apple says that the new feature will grant you as much storage as you need to complete a temporary backup for up to three weeks, letting users transfer their apps, data, and settings to a new device using iCloud even when there's an ...
At WWDC, Apple announced that iCloud is getting a premium subscription tier called "iCloud+," which includes "Private Relay" that allows users to browse the web through Safari with all information leaving their device remaining encrypted and access to "Hide My Email." One of the headlining features for iCloud+ is Private Relay, which, similarly to a VPN, ensures that all traffic leaving a...
Starting with iOS 15 and iPadOS 15, which will be publicly released in the fall, security cameras and video doorbells that support HomeKit Secure Video can now detect and notify you when a package has been delivered.
HomeKit Secure Video, available on iOS 13.2 and later, leverages iCloud to securely stream and store video clips from compatible HomeKit-enabled indoor and outdoor cameras and...
Apple today released a new version of Safari 14.1 for macOS Catalina and macOS Mojave users, with the update introducing fixes for two WebKit vulnerabilities that were patched in macOS Big Sur yesterday.
Apple's support document for the updated Safari release confirms that it addresses the same WebKit memory corruption issue and an integer overflow bug for users of older versions of macOS. ...
macOS Big Sur 11.4, which was released this morning, addresses a zero-day vulnerability that could allow attackers to piggyback off of apps like Zoom, taking secret screenshots and surrepetiously recording the screen.
Jamf, a mobile device management company, today highlighted a security issue that allowed Privacy preferences to be bypassed, providing an attacker with Full Disk Access,...
iCloud Mail has been experiencing an outage that began a few hours ago, and some users may be experiencing intermittent issues with accessing their inbox as a result, according to Apple's system status page.
Only some users are affected by the outage, according to Apple, so your mileage may vary. We'll update this story once the issue is marked as resolved.
There was also an iCloud Keychain ...
Top Rated Comments