
An (in my opinion) vulnerability (that Apple claimed as "normal behaviour") in the iCloud app for Windows 10/11.


rainerigius/apple-vulnerability


Chapters

1. Title: Concise summary of the vulnerability.

2. Summary: Brief description and impact.

3. Steps to Reproduce: Detailed instructions.

4. Expected results

5. Actual results

6. More complications and ending

Title: Unauthenticated access to iCloud Passwords in Windows.

Summary:

An unauthenticated access possibility to iCloud Passwords on Windows through the iCloud app from the Microsoft Store was discovered when removing the Windows device on the iPhone. This allows attackers to access the passwords of users whose computer has been violated, stolen, or even left unsupervised.

Steps to Reproduce:

Case 1:

  1. On the iPhone, navigate to Settings > Apple Account > List of devices connected (just scroll down)
  2. Remove the Windows computer from the list
  3. On the computer, open a browser with the iCloud Passwords extension, go to any login page that has saved credentials, and click "enable automatic password entry"
  4. Open explorer.exe and go into iCloud Photo and iCloud Drive

Photos: (photo2) (photo3a) (photo3b) (photo4a) (photo4b)

Case 2:

Steps 1-3 are the same as in Case 1

  4. Reboot the computer
  5. Do not interact with the iCloud window that prompts for the password
  6. Open any browser with the iCloud Passwords extension, go to any login page that has saved credentials, and click "enable automatic password entry"
  7. Open explorer.exe and go into iCloud Photo and iCloud Drive

Photos: (photo6a) (photo6b) (photo7a) (photo7b)

Expected results

The expected result is that, once the device has been removed from the Apple Account devices, the request to enable automatic password entry should not be prompted and the drive and photos in explorer.exe should not be accessible; instead, the login page should be shown to re-authenticate the account.

Actual results

The actual result is that, even with the device disconnected and the login page showing in the iCloud app, I could still access the iCloud Passwords extension, the iCloud Passwords app, the photos and the drive.

More complications and ending

This problem can (I did not test this) also be applied

In my opinion this is a serious risk, because on Windows it is easy for a malicious person to reset the Windows Hello PIN and access all the personal data stored in the iCloud apps. But also think about the situation where someone steals a computer: the owner removes that computer from their Apple account devices, and the thief still has access to all their passwords and data in plain text.
