A stored cross-site scripting (XSS) vulnerability in the iCloud domain has reportedly been patched by Apple, per a blog post shared by ZDNet.
The post says that bug bounty hunter and penetration tester Vishal Bharad claims to have discovered the security flaw. According to Bharad, the stored XSS issue was found in the Page/Keynotes features of Apple’s iCloud domain, icloud.com.
ZDNet says it’s reached out to Apple for comment and “will update when we hear back.”
Speaking of vulnerabilities, MacRumors reported on the second known piece of malware compiled to run natively on M1 Macs. Dubbed “Silver Sparrow,” the malicious package is said to leverage the macOS Installer JavaScript API [application programming interface] to execute suspicious commands.
After observing the malware for over a week, however, security firm Red Canary did not observe any final payload, so the exact threat to users remains a mystery. Apple has since informed MacRumors that it has revoked the certificates of the developer accounts used to sign the packages, preventing additional Macs from being infected. Apple also reiterated that Red Canary found no evidence to suggest the malware has delivered a malicious payload to Macs that have already been infected.