{"id":39782,"date":"2021-02-22T20:25:00","date_gmt":"2021-02-22T20:25:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/researcher-reports-vulnerability-in-apple-icloud-domain\/d\/d-id\/1340225"},"modified":"2021-02-22T20:25:00","modified_gmt":"2021-02-22T20:25:00","slug":"researcher-reports-vulnerability-in-apple-icloud-domain","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/","title":{"rendered":"Researcher Reports Vulnerability in Apple iCloud Domain"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header><\/header>\n<p><span class=\"strong black\">A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.<\/span><\/p>\n<p class>Apple has reportedly fixed a stored cross-site scripting (XSS) vulnerability in the iCloud domain following its discovery by security researcher Vishal Bharad, ZDNet reports.<\/p>\n<p>Stored XSS, also known as persistent XSS, vulnerabilities occur when an attacker finds a flaw in a Web application and injects malicious code into its server. Bharad reportedly found this bug in the Page\/Keynotes feature of the iCloud website.<\/p>\n<p>To exploit this vulnerability, an attacker would have to create new content in either Pages or Keynote and enter their XSS payload into the name field. They would have to save this and send it to, or collaborate with, another user. The attacker would then need to make some changes to the content, resave it, and then go to Settings &gt; Browse All Versions.<\/p>\n<p>The XSS would trigger after &#8220;Browse All Versions&#8221; was clicked, Bharad explains in a blog post.<\/p>\n<p>Bharad reported the vulnerability to Apple on Aug. 7, 2020, and was rewarded $5,000 for his findings.&nbsp;<\/p>\n<p>Read Bharad&#8217;s full blog post <a href=\"https:\/\/vbharad.medium.com\/stored-xss-in-icloud-com-5000-998b8c4b2075\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> and more details <a href=\"https:\/\/www.zdnet.com\/article\/stored-xss-bug-in-apple-icloud-domain-disclosed-by-bug-bounty-hunter\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<p><span class=\"italic\">Dark Reading&#8217;s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=2179\">View Full Bio<\/a><\/span><\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/researcher-reports-vulnerability-in-apple-icloud-domain\/d\/d-id\/1340225?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/researcher-reports-vulnerability-in-apple-icloud-domain\/d\/d-id\/1340225?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-39782","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Researcher Reports Vulnerability in Apple iCloud Domain 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Researcher Reports Vulnerability in Apple iCloud Domain 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-22T20:25:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Researcher Reports Vulnerability in Apple iCloud Domain\",\"datePublished\":\"2021-02-22T20:25:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/\"},\"wordCount\":238,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/\",\"name\":\"Researcher Reports Vulnerability in Apple iCloud Domain 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\",\"datePublished\":\"2021-02-22T20:25:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#primaryimage\",\"url\":\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\",\"contentUrl\":\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Researcher Reports Vulnerability in Apple iCloud Domain\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Researcher Reports Vulnerability in Apple iCloud Domain 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/","og_locale":"en_US","og_type":"article","og_title":"Researcher Reports Vulnerability in Apple iCloud Domain 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-02-22T20:25:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Researcher Reports Vulnerability in Apple iCloud Domain","datePublished":"2021-02-22T20:25:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/"},"wordCount":238,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/","url":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/","name":"Researcher Reports Vulnerability in Apple iCloud Domain 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","datePublished":"2021-02-22T20:25:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","contentUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/researcher-reports-vulnerability-in-apple-icloud-domain\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Researcher Reports Vulnerability in Apple iCloud Domain"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39782","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39782"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39782\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}