HackDig : Dig high-quality web security articles for hacker

Researcher Reports Vulnerability in Apple iCloud Domain

2021-02-22 18:50
A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.

Apple has reportedly fixed a stored cross-site scripting (XSS) vulnerability in the iCloud domain following its discovery by security researcher Vishal Bharad, ZDNet reports.

Related Content:

Attackers Already Targeting Apple's M1 Chip with Custom Malware

Special Report: Understanding Your Cyber Attackers

New From The Edge: Breach Etiquette: How to Mind Your Manners When It Matters

Stored XSS, also known as persistent XSS, vulnerabilities occur when an attacker finds a flaw in a Web application and injects malicious code into its server. Bharad reportedly found this bug in the Page/Keynotes feature of the iCloud website.

To exploit this vulnerability, an attacker would have to create new content in either Pages or Keynote and enter their XSS payload into the name field. They would have to save this and send it to, or collaborate with, another user. The attacker would then need to make some changes to the content, resave it, and then go to Settings > Browse All Versions.

The XSS would trigger after "Browse All Versions" was clicked, Bharad explains in a blog post.

Bharad reported the vulnerability to Apple on Aug. 7, 2020, and was rewarded $5,000 for his findings. 

Read Bharad's full blog post here and more details here.


Source: mod-duolci-elppa-ni-ytilibarenluv-stroper-rehcraeser/ecnegilletni-taerht/moc.gnidaerkrad.www

Read:148 | Comments:0 | Tags: Cloud Vulnerability

“Researcher Reports Vulnerability in Apple iCloud Domain”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools

Tag Cloud