In a blog post shared by ZDNet, security researcher Vishal Bharad claims that he found a bug that would have allowed a hacker to inject a virus or malicious script onto Apple's iCloud website.
According to Bharad, the vulnerability consisted of creating a Pages or Keynote document on the iCloud website with the name field containing the XSS payload. Sharing the document with another user, creating a change, saving, and then clicking "Browse All Versions" under Settings would have triggered the XSS payload.
Given the vulnerability revolved around the iCloud website, it's not linked to a recent software update and has reportedly been patched by Apple server-side. Bharad says he submitted the issue to Apple on August 7, 2020, and received a $5,000 bounty on October 9, 2020. We've reached out to Apple for comment and we'll update if we hear back.
Bloomberg's Mark Gurman has high expectations for Apple's first foldable iPhone.
In his Power On newsletter today, he said the foldable iPhone will be "the most significant overhaul in the iPhone's history."
"iPhone 4, iPhone 6 and iPhone X were clearly a big deal, but this is a whole new design," he said.
Like Samsung's Galaxy Z Fold 7, the foldable iPhone will reportedly open up like ...
iOS 26.5 is now available for developers, and while it doesn't include any new Siri capabilities, there are some major changes for the European Union, and smaller tweaks for features available worldwide.
Suggested Places
In the Maps app, there's a new "Suggested Places" feature that recommends locations to visit based on trending places nearby and recent searches. When Apple launches ads in ...
Tuesday March 31, 2026 10:36 am PDT by Joe Rossignol
Apple today added the MacBook Air (13-inch, 2017) to its "vintage" products list, meaning the device is now only eligible for repairs at Apple Stores and Apple Authorized Service Providers if parts remain available.
The MacBook Air (13-inch, 2017) was the final MacBook Air model released before Apple redesigned the laptop and gave it a Retina display in 2018.
Apple also added all iPad...
Thursday March 5, 2026 6:27 am PST by Tim Hardwick
Google's Threat Intelligence Group (GTIG) has a new report out about a powerful iOS exploit kit called "Coruna," which traveled from a surveillance vendor's customer to a Russian espionage group to Chinese cybercriminals, revealing a sophisticated exploit "supply chain" in the process.
Described as one of the most comprehensive iOS exploit toolkits to have been documented publicly, Coruna...
Bloomberg's Mark Gurman has high expectations for Apple's first foldable iPhone.
In his Power On newsletter today, he said the foldable iPhone will be "the most significant overhaul in the iPhone's history."
"iPhone 4, iPhone 6 and iPhone X were clearly a big deal, but this is a whole new design," he said.
Like Samsung's Galaxy Z Fold 7, the foldable iPhone will reportedly open up like ...
iOS 26.5 is now available for developers, and while it doesn't include any new Siri capabilities, there are some major changes for the European Union, and smaller tweaks for features available worldwide.
Suggested Places
In the Maps app, there's a new "Suggested Places" feature that recommends locations to visit based on trending places nearby and recent searches. When Apple launches ads in ...
