- What: Apple's Maildrop service allows attackers to spoof filenames and icons in iCloud links.
- Impact: This could be used for phishing attacks.
Phishing-Grade Identity Spoofing on icloud.com. Public Disclosure MAILDROP-01.
Stuart Thomas, Independent Security Research, Whitby, North Yorkshire, United Kingdom. 13 May 2026.
Apple iCloud Mail / Maildrop. Vendor ref: OE1950888220. Prioritised for review. 34 months since first report. CVSS 3.1: 5.4 Medium. ORCID: 0009-0008-4518-0064. CC BY 4.0.

Apple's Maildrop attachment service hosts mail attachments up to 5 GiB and presents recipients with a download page on icloud.com. The per-attachment URLs it generates contain three client-controlled, unsigned parameters:

Any party in possession of a valid Maildrop URL can rewrite `f=` and `sz=` and obtain a fully functional Maildrop URL that: displays the fake filename and file-type icon on the landing page; displays the fake file size; and causes the CDN to serve the file with `Content-Disposition: attachment; filename="<fake name>"`, so the browser saves it under the fake name regardless of the file's actual MIME type or extension. The URL remains on icloud.com throughout. There is no visual indicator that the displayed metadata is sender-controlled rather than server-attested.

A canonical Maildrop URL has the shape:

The inner `u=` value, once decoded, is the CDN URL the browser fetches when the user clicks "Download". Its shape is approximately:

The two `${...}` tokens in the CDN URL are template substitutions. The `${f}` token is replaced with whatever value is in the outer `f=` parameter at request time; the `${uk}` token is replaced with the value of `uk=`. This means `f=` is not a cosmetic landing-page label. It is also part of the path the CDN serves, and the CDN echoes it back via the `Content-Disposition` response header. Modifying `f=` therefore changes what the recipient's browser names the downloaded file.

Table 2. What is signed and what is not in a Maildrop URL.

The structural deficiency is the absence of an HMAC over the outer query string. A short keyed signature parameter would prevent the attack class entirely. A short Python script captures the entire primitive.
Given any valid Maildrop URL, the script parses the four parameters, prints the detected template variables, and produces a spoofed URL with an operator-chosen filename and size:

Run against a real Maildrop URL, the script reports which template tokens the CDN URL embeds and produces a rewritten link. Opening the original and spoofed links side by side in a browser shows the original landing page with the real filename, size and icon, and the spoofed landing page with the attacker-chosen filename, size and icon, all inferred from the operator-chosen `f=` value. Both URLs reside on icloud.com; both produce a working download. The `Content-Disposition` header on the downloaded file bears the spoofed filename. The attack requires nothing beyond a text editor and a browser.

Three realistic operator positions:

1. The attacker uploads a payload (malware archive, malicious document, fake invoice) via Apple Mail and obtains a Maildrop URL. They rewrite `f=` to a trustworthy filename (`Invoice_Q1_2026.pdf`, `MarketingSlideDeck.pptx`, `CV_J_Smith.docx`) and `sz=` to a size matching the social pretext. The victim receives a link on icloud.com, sees an Apple-rendered landing page presenting a PDF named "Invoice_Q1_2026.pdf" weighing 204 KB, and clicks "Download". The browser save-as prompt shows "Invoice_Q1_2026.pdf". The actual file content is whatever the attacker uploaded. This is the dominant case. It is trivial.

2. A legitimate Maildrop URL is forwarded to a wider audience, which is common in corporate environments where shared files traverse multiple mailing lists. An attacker on that audience-list path can modify `f=` and `sz=` before re-sharing, producing a spoofed link pointing to content they did not upload.

3. Maildrop URLs leak by ordinary means: chat logs, screenshots, copy/paste into ticketing systems, accidental wider cc'ing. Any exposed URL is rewritable for the remainder of its 30-day window. No upload step is required; the attacker only needs to have observed the URL.

Table 3. Impact assessment — MAILDROP-01.
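The mitigation named above, a keyed signature over the outer query string, as an added example that is not Apple's code or the disclosure's script. The parameter names `f`, `sz`, `u` and `uk` come from the write-up; the `sig` parameter name, the key, the URL path and the CDN host are assumptions constructed for the illustration. The example shows that a link issued with `sig=` verifies, while the same link with `f=` or `sz=` rewritten does not.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SIG_PARAM = "sig"  # hypothetical name for the signature parameter (assumption)
KEY = b"constructed-server-side-secret"  # constructed; a real key stays server-side


def _pairs(query, drop_sig=True):
    """Parse the outer query string; optionally drop the signature parameter."""
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if not (drop_sig and k == SIG_PARAM)]


def _mac(query, key):
    """HMAC-SHA256 over the sorted, re-encoded non-signature parameters."""
    canonical = urlencode(sorted(_pairs(query))).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def sign_url(url, key=KEY):
    """Issue a link whose sig= covers f=, sz=, u= and uk= as the server set them."""
    parts = urlsplit(url)
    pairs = _pairs(parts.query) + [(SIG_PARAM, _mac(parts.query, key))]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def verify_url(url, key=KEY):
    """True only if every non-signature parameter is exactly as signed."""
    parts = urlsplit(url)
    given = dict(_pairs(parts.query, drop_sig=False)).get(SIG_PARAM)
    return given is not None and hmac.compare_digest(given, _mac(parts.query, key))


def rewrite_param(url, name, value):
    """Change one parameter in place, keeping any existing sig= (a tampered link)."""
    parts = urlsplit(url)
    pairs = [(k, value if k == name else v) for k, v in _pairs(parts.query, False)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


# Constructed sample link: the icloud.com host is from the write-up; the path,
# the CDN host in u= and the uk= value are made up.  u= decodes to a CDN URL
# carrying the ${uk} and ${f} template tokens the write-up describes.
SAMPLE = ("https://www.icloud.com/example-path/?u=https%3A%2F%2Fcdn.example%2F"
          "%24%7Buk%7D%2F%24%7Bf%7D&uk=abc123&f=archive.zip&sz=5242880")

if __name__ == "__main__":
    signed = sign_url(SAMPLE)
    print("genuine link verifies:", verify_url(signed))  # True
    forged = rewrite_param(signed, "f", "Invoice_Q1_2026.pdf")
    print("rewritten f= verifies:", verify_url(forged))  # False
```

Because the landing page and the CDN would both reject a URL whose `sig=` no longer matches, a rewritten `f=` or `sz=` cannot produce a working download, which is the property the unsigned design lacks.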