A security vulnerability in iCloud is reportedly fabricated by Apple

According to a new blog post, a security hole in iCloud could be used to send malware to Mac users.

This allowed an attacker to embed malicious code into Pages or Keynote documents, which could then be shared with others …

ZDNet reports:

Bounty hunter and penetration tester Vishal Bharad claims to have discovered a security vulnerability, a stored XSS issue on icloud.com.

Stored XSS vulnerabilities, also known as persistent XSS, can be used to store payloads on target servers, inject malicious scripts into websites, and possibly steal cookies, session tokens, and browser data.

According to Bharad, the XSS flaw in icloud.com was found in the Pages/Keynote features of Apple’s iCloud domain.

Bharad says that Apple gave him a bug bounty of $5,000 for finding and reporting it.

The relatively low payoff for a potentially serious defect was likely due to the very specific steps required to trigger it, making it difficult to exploit.

To trigger the bug, an attacker had to create new Pages or Keynote content with an XSS payload in the name field.

This content then had to be saved and sent to or shared with another user. The attacker would then need to make one or two changes to the malicious content, save it again, and then go to “Settings” and “Browse All Versions”.

After clicking on that option, the XSS payload will fire, the researcher said.
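The trigger path above is a stored value (the document name) reaching a later HTML view (the version list). As an added illustration, which is neither Apple's code nor the researcher's proof of concept, this JavaScript sketch shows a version-list renderer that concatenates the stored name into markup beside one that HTML-encodes it; the function names, the markup and the sample records are assumptions constructed for the example.

```javascript
// Constructed sample data: two saved versions of one document. The second
// version's name field carries markup instead of plain text.
const sampleVersions = [
  { id: 1, name: 'Q3 report', savedAt: '2021-02-01T10:00:00Z' },
  { id: 2, name: '<img src=x onerror="alert(document.domain)">', savedAt: '2021-02-01T10:05:00Z' },
];

// Encode the characters that are significant in HTML element content
// and in quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so whatever was saved in the name field is parsed as HTML by the viewer.
function renderVersionsUnsafe(versions) {
  const items = versions.map((v) => `<li data-id="${v.id}">${v.name} (${v.savedAt})</li>`);
  return `<ul>${items.join('')}</ul>`;
}

// Hardened pattern: every stored field is encoded at the point of output,
// in this view as well as in any other view that shows the same name.
function renderVersionsSafe(versions) {
  const items = versions.map((v) =>
    `<li data-id="${escapeHtml(v.id)}">${escapeHtml(v.name)} (${escapeHtml(v.savedAt)})</li>`);
  return `<ul>${items.join('')}</ul>`;
}

// Regression check: true if any stored name containing angle brackets
// appears verbatim (unencoded) in the rendered output.
function containsLiveMarkup(html, versions) {
  return versions.some((v) => /[<>]/.test(v.name) && html.includes(v.name));
}
```

A check like `containsLiveMarkup` belongs in the test suite of every view that displays the name, since a field that is encoded in the main editor can still reach a rarely used screen unencoded.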

You can see the proof of concept video below.

Apple first introduced security bug bounties in 2016, but came under attack from security researchers on two fronts. First, the program was invitation-only; second, the maximum payout was $200,000. Both factors were said to lead people to sell information to governments and black-hat companies that would use it to compromise Apple devices. At the end of last year, the Cupertino company addressed both of these issues by opening the program to everyone and raising the maximum payout to $1.5 million.


About the Author: Tad Fisher
