Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Researcher Reports Vulnerability in Apple iCloud DomainResearcher Reports Vulnerability in Apple iCloud Domain
A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.
1 Min Read
Apple has reportedly fixed a stored cross-site scripting (XSS) vulnerability in the iCloud domain following its discovery by security researcher Vishal Bharad, ZDNet reports.
Stored XSS, also known as persistent XSS, vulnerabilities occur when an attacker finds a flaw in a Web application and injects malicious code into its server. Bharad reportedly found this bug in the Page/Keynotes feature of the iCloud website.
To exploit this vulnerability, an attacker would have to create new content in either Pages or Keynote and enter their XSS payload into the name field. They would have to save this and send it to, or collaborate with, another user. The attacker would then need to make some changes to the content, resave it, and then go to Settings > Browse All Versions.
The XSS would trigger after "Browse All Versions" was clicked, Bharad explains in a blog post.
Bharad reported the vulnerability to Apple on Aug. 7, 2020, and was rewarded $5,000 for his findings.
About the Author
You May Also Like
More Insights
Webinars
Uncovering Threats to Your Mainframe & How to Keep Host Access Secure
Feb 13, 2025Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025
_vska_Alamy_.jpg?width=700&auto=webp&quality=80&disable=upscale)
_Brain_light_Alamy.jpg?width=700&auto=webp&quality=80&disable=upscale)