A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity. The flaws meant a bad actor could easily hijack a user’s iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts. Apple has processed about 28 of the vulnerabilities with a total payout of $288,500 as part of its bug bounty program. After they were responsibly disclosed to Apple, the iPhone maker took steps to patch the flaws within a few days.
Source: https://thehackernews.com/2020/10/apple-security.html