built-in apps such as the iTunes Store app can be abused to run a browser exploit while escaping the restrictive Safari application sandbox.

Amnesty International found the same iCloud account bogaardlisa803[@]gmail.com recorded as linked to the “com.apple.private.alloy.photostream” service on both devices

Safari does not record full redirect chains, and might only keep history records showing the final page that was loaded