HomeTech

A security vulnerability in iCloud is reportedly fabricated by Apple

Posted by February 22, 2021 in Tech 0

According to a new blog post, Mac users can be used to send malware which is a security hole for Mac users.

This allowed an attacker to embed malicious code into pages or key documents, which could then be shared with others …

Rapports ZDNet:

Bounty hunter and penetration tester Vishal Bharad claims to have discovered a security vulnerability, which is an XSS issue stored on icloud.com.

Stored XSS vulnerabilities, also known as persistent XSS, can be used to store payloads on target servers, inject malicious scripts into websites, and possibly cookies, session tokens, and browsers. Can be used to steal data.

According to Bharad, the XSS flaw in icloud.com was found in the Pages / Keynotes features of Apple’s iCloud domain.

Bharad says that Apple gave him a bug bounty of $ 5,000 to find and report it.

The relatively low payoff for a potentially serious defect was likely due to the very specific steps required to trigger it, making it difficult to exploit.

To trigger the bug, an attacker had to create new pages or main content with an XSS payload presented in the name field.

This content must then be saved and sent or shared with another user. An attacker would then be prompted to make one or two changes to the malicious content, re-register it, and then go to “Settings” and “Browse All Versions”.

After clicking on that option, the XSS payload will fire, the researcher said.

You can see the proof of concept video below.

Apple first introduced security bug bounties in 2016, but has come due to an attack by security researchers on two fronts. At first, it was an invitation-only event; Second, the maximum payout was $ 200,000. Both factors have been said to lead people to sell information to governments and black hat companies that will take advantage of this to dent Apple devices. At the end of last year, the Cupertino company addressed both of these issues by opening the program to everyone and raising the maximum payout to $ 1.5 million.

See also  Mourning Google Pixel bug that broke the phones back, check how you are infected

FTC: We use affiliate links that generate automatic income. After

Consultation. For more information about Apple on YouTube:

You May Also Like

RogueBook: A new look at the RoguLike deckbuilder – News

A virtual companion to help us understand the general terms of use on the Internet

Monster Hunter Rises – Always More Sales

Amazon has just converted its Echo Show connected screen to surveillance cameras.

About the Author: Tad Fisher

Prone to fits of apathy. Music specialist. Extreme food enthusiast. Amateur problem solver.

Leave a Reply

Your email address will not be published. Required fields are marked *