Critical gap in iWork in the iCloud: Apple pays out a reward



Apple fixed a critical bug on its iCloud website. The company had been made aware of this vulnerability by a security researcher and was grateful.

The vulnerability had the potential to spread quickly via manipulated iWork documents.

Apple has had a potentially serious security issue in the past. In this case, however, the problem was not in a software or operating system version but in the iCloud website.

Specifically, an attacker could exploit the vulnerability through manipulated Pages or Keynote documents: the attack relied on an XSS vulnerability in the name field of a file. As a result, further documents could have been manipulated with a harmful payload as soon as the user shared his documents with other users. If the user saved a document again after a change had been made and, for whatever reason, opened version management to view earlier versions of the document, further documents could be infected.
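The class of bug described above, as an added example that is not from the researcher's report or Apple's code: a hypothetical version-history renderer that writes a stored document name into HTML, first unencoded and then encoded at output. All function names and the sample data are assumptions made for illustration.

```javascript
// Added illustration: hypothetical renderer for a version-history list.
// None of these names come from iCloud; the sample data is constructed.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored document name is concatenated into markup.
function renderVersionRowUnsafe(version) {
  return '<li title="' + version.name + '">' + version.name + '</li>';
}

// Hardened pattern: the name is encoded at the point of output.
function renderVersionRowSafe(version) {
  const name = escapeHtml(version.name);
  return '<li title="' + name + '">' + name + '</li>';
}

// Counts opening tags in a fragment; a well-formed row has exactly one (<li>).
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample: one ordinary name, one name carrying markup.
const sampleVersions = [
  { name: 'Q3 report' },
  { name: '"><img src=x onerror=alert(1)>' },
];

for (const v of sampleVersions) {
  console.log(
    'unsafe tags:', countOpeningTags(renderVersionRowUnsafe(v)),
    'safe tags:', countOpeningTags(renderVersionRowSafe(v))
  );
}
```

A row that yields more than one opening tag means the name field broke out of its context; the encoded renderer keeps every row at exactly one.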

Apple has now fixed the error


The vulnerability was discovered by the security researcher Vishal Bharad, who had already informed Apple of it in August and reported on the problem in a blog post. In the end it was worth it for him: Apple paid the expert a $5,000 finder’s fee.


The vulnerability has since been eliminated. The fix was made on Apple's server side, so no updates were necessary.

Apple, like most tech companies, pays good money to those who discover and discreetly report security problems.
