By Bobbyr Medium :: A very cool topic in several respects at once | Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS)
First, another story about how Apple's bug bounty program has been crumpling, slowing down, and slowing down, for whatever reason, delaying the review process for a vulnerability that the developer found. This includes the fact that they can't tell if there will be a payout for the discovery, and the amount of it. So after 90 days have passed since the problem was discovered, the developer has published information about it. Secondly, the vulnerability itself is also pretty cool. The gist there is that there are AirTags, which, when lost and in the appropriate "lost" mode, open the Apple page to whoever finds it - found.Apple.com opens there. But the page embeds the contents of a field about the owner's phone number to notify him of it. But Apple forgot to embed verification of the phone number field when setting up the tag, and that's the crux of the vulnerability. A URL with XSS can be written into that field, and when you open found.Apple.com there, a fa