In association with heise online

02 July 2009, 10:02

Apple's iDisk sealed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has closed a vulnerability in its online storage service iDisk after it was discovered that unauthorised access to other users' files was possible. According to Apple, it was a directory traversal issue; this is when access to directories using relative paths is allowed, for example, when the path is prefixed with "../".

iDisk is a pay-for storage system with public and private areas for users who want to move information between different computers or share files with other users. Apple responded with a fix less than 24 hours after the security expert Jeremy Richards reported the problem. Whether the vulnerability has been used in the past to allow unauthorised access to data is not known.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit