Discovery of XSS vulnerability on iCloud website brought expert $5,000

Vladimir Krasnogolovy
Vladimir Krasnogolovy
3 Min Read
XSS vulnerability on iCloud

Vishal Bharad, an Indian bug hunter and pentester, explained in a blog post, how he discovered an XSS vulnerability on iCloud.com.

Initially, the researcher searched the site for vulnerabilities related to CSRF (Cross-Site Request Forgery), IDOR (Insecure Direct Object Reference), logical errors, and so on, but by accident discovered XSS vulnerability.

I decided to hunt on Apple. As we all know, Apple is having large scope so I blindly choose icloud.com and decided to find at least 1 bug on icloud.com. I tried many vulnerabilities on icloud.com such as CSRF, IDOR, Business Logic Bugs etc. and got nothing. I keep tried to find bugs on icloud.com and after so many attempts I decided to find XSS on icloud.com.Vishal Bharad says.

The vulnerability was present in Apple Pages and Keynote hosted on iCloud. Exploiting the bug meant creating a new document or presentation and injecting an XSS payload into the name field.

So here I started the initial recon to find XSS. As we all know that we can try XSS where strings are reflected on webpage or in response. So I have logged in with icloud.com and inserted payloads everywhere and looked for the webpages where my payloads or strings over getting reflected in response. After so many attempts I got one endpoint where my payload was fired and It was my “Pursuit of Happiness.researcher shares information about the discovery.

Basically, in order to exploit the problem, the attacker had to share a link to a malicious document or presentation with his victim, and then convince her to enter the settings and use the Browse All Versions function. As soon as the victim clicked on Browse All Versions, the attacker’s malicious payload was launched in the browser. An example of such an attack can be seen below.

Bharad says that he discovered the problem back in August 2020 and he immediately reported about it to Apple. The vulnerability was fixed only in the fall, and in October 2020, company paid a reward of $5,000 to an expert for discovering this bug.

Let me remind you that in 2020, Google paid cybersecurity experts $6.7 million, and I also wrote that Researcher Earned More than $2,000,000 on HackerOne.

You Might Also Like

Cybersecurity researchers discovered Chinese hack group Earth Lusca

Microsoft recommends Exchange administrators to disable SMBv1

Attackers Can Use .Zip and .Mov Domains for Phishing

Ragnar Locker ransomware attacked Italian beverage manufacturer Gruppo Campari

Outlook Vulnerability Exploited by Russian Hackers

TAGGED:
Share This Article
By Vladimir Krasnogolovy
Follow:
Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.
Previous Article Microsoft SolarWinds Hackers Microsoft: SolarWinds Hackers Stole Source Codes of Azure, Exchange and Intune Components
Next Article Clubhouse user dialogs leaked Clubhouse user dialogs leaked to a third-party site
Leave a comment

Stay Connected

Latest News

Ivanti EPM RCE vulnerability fixed, patch now
RCE Vulnerability in Ivanti Endpoint Manager Uncovered, Patch Now
Security News
Hacker Uploads Data Leaked in MOVEit Breaches
Hacker Leaks Corporate Data Stolen in 2023 MOVEit Breaches
Security News
BBVA Bank Hacked, Data Posted on the Darknet Forum
Hacker Leaks BBVA Bank Data, Including User Details
Security News
"Verify you are human" scam website explained
Verify you are Human Scam
Security News