Apple's iDisk sealed
Apple has closed a vulnerability in its online storage service iDisk after it was discovered that unauthorised access to other users' files was possible. According to Apple, it was a directory traversal issue; this is when access to directories using relative paths is allowed, for example, when the path is prefixed with "../".
iDisk is a pay-for storage system with public and private areas for users who want to move information between different computers or share files with other users. Apple responded with a fix less than 24 hours after the security expert Jeremy Richards reported the problem. Whether the vulnerability has been used in the past to allow unauthorised access to data is not known.
- Apple Web Server notifications, Apple's security issue credit page