Apple Fixes Security Vulnerability with Pages and Keynotes in iCloud
Posted by Mahit Huilgol on Feb 22, 2021 in iCloud, News
Apple has paid a bounty hunter $5000 for discovering a security flaw on iCloud. The security flaw is stored in an XSS file on iCloud.com. It allows attackers to embed malicious codes by creating new Pages or Keynotes documents.
The vulnerability belongs to the XSS class and is typically used to deploy payloads on target servers. Once deployed, it is used to steal personal information, including cookies, browser data and much more. Bharad discovered the vulnerability in the Page/Keynotes on an iCloud domain.