Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com

A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. The bug bounty hunter Vishal Bharad has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. Bharad was searching for cross-site request forgery (CSRF), insecure direct object […]

Apple zero-day

A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com.

The bug bounty hunter Vishal Bharad has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com.

Bharad was searching for cross-site request forgery (CSRF), insecure direct object reference (IDOR), and other vulnerabilities in the Apple icloud.com website, when he found a stored XSS vulnerability.

Once he has logged in to icloud.com, he inserted payloads everywhere and looked for the webpages where the payloads or strings were reflected in response.

The vulnerability discovered by the expert resides in the Pages and Keynote software hosted on iCloud. In order to exploit the issue, the expert created a new document or presentation and entered an XSS payload into its name field, then shared a link to it with the targeted user.

The attack could be completed by tricking the targeted user into accessing the “Browse All Versions” feature from the “Settings” menu. Upon clicking on the “Browse All Versions,” the malicious payload will be executed in the victim’s browser.

Below the step by step procedure to reproduce the bug:

  1. Go to Page/Keynotes https://www.icloud.com/pages/ or https://www.icloud.com/keynotes
  2. Create Pages or Keynote with the name XSS payload “><img src=x onerror=alert(0)>
  3. Send this to the user or collaborate with any user.
  4. Then go to the pages, make some changes and save
  5. again, go to the pages and go to Settings >> Browser All Versions.
  6. After click on Browse All Versions. XSS will trigger

Bharad also published a video PoC for exploitation of the Stored XSS flaw:

The experts reported the flaw to Apple on August 7th, 2020, and on October 9th, 2020 Apple rewarded him a $5,000 bounty.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, XSS)

[adrotate banner=”5″]

[adrotate banner=”13″]