Apple Web Server notifications

This article provides credit to people who have reported potential security issues in Apple's web servers.

Credits

2014-10-13 pro.topsy.com

A clickjacking issue was addressed. We would like to acknowledge Aniket Pratap Singh for reporting this issue.

2014-10-07 consultants-locator.apple.com

A clickjacking issue was addressed. We would like to acknowledge Sachin Thakuri (@sachinnthakuri), Urja Singh Thapa, and Hari Krishnan (facebook.com/c.hari1997) for reporting this issue.

2014-09-30 pro.topsy.com

An SSL configuration issue was addressed. We would like to acknowledge Ayoub Nait Lamine for reporting this issue.

2014-09-30 vpp.itunes.apple.com

A clickjacking issue was addressed. We would like to acknowledge Chandroliya Ravi Ghanashyam bhai (@ChandroliyaRavi) for reporting this issue.

2014-09-18 itunesu.itunes.apple.com

A clickjacking issue was addressed. We would like to acknowledge S.Venkatesh (@PranavVenkatS) and Osman Erçeli̇k of Akanzii LLC for reporting this issue.

2014-09-16 hopstop.com

A cross-site scripting issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon143) of SCET for reporting this issue.

2014-09-08 edeuroweb.apple.com

A clickjacking issue was addressed. We would like to acknowledge Osama Ansari (facebook.com/ansariosama) for reporting this issue.

2014-09-05 appleid.apple.com

An insufficient validation issue was addressed. We would like to acknowledge Cameron Banga of 9magnets, LLC for reporting this issue.

2014-09-05 topsy.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohamed Abdelbaset Elnoby of W3Pwn Security Consultation for reporting this issue.

2014-09-02 hopstop.com

A cross-site scripting issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon143) of SCET for reporting this issue.

2014-08-20 burstly.com

An out-of-date software issue was addressed. We would like to acknowledge Koutrouss Naddara (facebook.com/profile.php?id=100008222891851) for reporting this issue.

2014-08-19 hrweb.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Satheesh Raj (@rsatheesh523) for reporting this issue.

2014-08-19 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén of Detectify for reporting this issue.

2014-08-18 mynews.apple.com

A caching issue was addressed. We would like to acknowledge Bill Cave for reporting this issue.

2014-08-18 beatsbydre.com

A cross-site scripting issue was addressed. We would like to acknowledge Muhammad Abdullah (facebook.com/root.abdullah) for reporting this issue.

2014-08-13 ara.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Drew Callahan (linkedin.com/pub/drew-callahan/67/62/783) for reporting this issue.

2014-08-07 edeuroweb.apple.com

A certificate issue was addressed. We would like to acknowledge Ch. Muhammad Osama (@ChMuhammadOsama) of Chmosama.com (chmosama.com) and Hardik Tailor (@iamhardiktailor) for reporting this issue.

2014-08-06 jobs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Scott Glossop of randomstorm.com for reporting this issue.

2014-08-04 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2014-07-30 hopstop.com

An out-of-date software issue was addressed. We would like to acknowledge Sangeetha Rajesh S for reporting this issue.

2014-07-15 images.apple.com

An open redirect issue was addressed. We would like to acknowledge Sabari Selvan (@EHackerNews) of Cyber Security & Privacy Foundation, Max Prietzel and an anonymous researcher for reporting this issue.

2014-07-09 hopstop.com

A cross-site scripting issue was addressed. We would like to acknowledge Jitendra Jaiswal (@jeetjaiswal22) from S.S Jain Subodh P.G College Jaipur India for reporting this issue.

2014-07-03 myaccess.apple.com

A server configuration issue was addressed. We would like to acknowledge Ryan Manly of Glenbrook High School District 225 for reporting this issue.

2014-07-02 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Kamil Sevi (@kamilsevi) for reporting this issue.

2014-07-01 appleseed3.apple.com

A clickjacking issue was addressed. We would like to acknowledge S.Venkatesh (@PranavVenkatS) for reporting this issue.

2014-06-20 extensions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Brij Kishore Mishra (@__bkm_) for reporting this issue.

2014-06-19 store.apple.com

An information disclosure issue was addressed. We would like to acknowledge Kenney Lu (@eolwral) of Yahoo! for reporting this issue.

2014-06-16 privftp.apple.com

An exposed credential issue was addressed. We would like to acknowledge Guilherme Rambo for reporting this issue.

2014-06-13 developer.apple.com

A mixed-content issue was addressed. We would like to acknowledge Russell Sullivan for reporting this issue.

2014-06-11 myaccess.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Russell Jancewicz of University of Connecticut for reporting this issue.

2014-05-05 consultants.apple.com

An Apache configuration issue was addressed. We would like to acknowledge Tariq Ziyad Al-Diab (facebook.com/TariqZiyad97) and Simone Memoli of Liceo Scientifico Valdemaro Vecchi for reporting this issue.

2014-04-28 bugreport.apple.com

An information disclosure issue was addressed. We would like to acknowledge Jesse Mikael Järvi for reporting this issue.

2014-04-23 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Artur Czyz (ArturCzyz.pl) for reporting this issue.

2014-04-17 store.apple.com

A server configuration issue was addressed. We would like to acknowledge Nakul Mohan of @Anonymous_India for reporting this issue.

2014-04-08 sift.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Simone Memoli of Liceo Scientifico Valdemaro Vecchi for reporting this issue.

2014-04-04 discussionschinese.apple.com

A server configuration issue was addressed. We would like to acknowledge Riaz Ebrahim (linkedin.com/pub/riaz-ebrahim-cissp-ceh/3b/347/383) for reporting this issue.

2014-03-26 ep.sap.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Guillaume Buttet from Switzerland (facebook.com/guillaume.buttet) for reporting this issue.

2014-03-25 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Allan Jay Tomol of OrangeApps for reporting this issue.

2014-03-21 info.apple.com/export/

A cross-site scripting issue was addressed. We would like to acknowledge Ketan Sirigiri of Cigniti Technologies Ltd. for reporting this issue.

2014-03-21 edeuroweb.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ibrahim Raafat (@RaafatSEC) of Q-CERT, Florindarck (@QuisterTow) of Romanian Security Team (rstforums.com), Wong Chieh Yie (@wcypierrenet), and Danalachi Sergiu for reporting this issue.

2014-03-20 acn-members.apple.com

A clickjacking issue was addressed. We would like to acknowledge Chandroliya Ravi Ghanashyam bhai (@ChandroliyaRavi) for reporting this issue.

2014-03-19 canadaapp.apple.com

A server configuration issue was addressed. We would like to acknowledge Simone Memoli (Simon90_Italy) of Italian Security Team and Muhammad Shahzad for reporting this issue.

2014-03-18 qtdevseed.apple.com

An Apache configuration issue was addressed. We would like to acknowledge Simone Memoli of Liceo Scientifico Valdemaro Vecchi for reporting this issue.

2014-03-14 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2014-03-14 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Olivier Beg of lanaru.com for reporting this issue.

2014-03-11 apple.com

A Flash cross-domain policy issue was addressed. We would like to acknowledge Osama Mahmood (@OsamaMahmood007) of Team Cyber Switch for reporting this issue.

2014-03-03 depot.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Indrajith AN (facebook.com/indrajith.cyberXdestroyer) for reporting this issue.

2014-03-03 depot.info.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Sky_BlaCk of Team G410 for reporting this issue.

2014-02-28 topsy.com

A cross-site scripting issue was addressed. We would like to acknowledge Christian Galeone (thefacebook.com/christian.galeone.1) of ITCL Marco Polo - Bari for reporting this issue.

2014-02-26 edu-vpp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jean Pascal Pereira of secbiz.org for reporting this issue.

2014-02-16 bugreport.apple.com

A clickjacking issue was addressed. We would like to acknowledge Sahil Dhar (facebook.com/dhar66) and Paras Pilani (@cool_paras) for reporting this issue.

2014-02-15 bugreport.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge N B Sri Harsha (nbsriharsha.blogspot.in) and Pedro Caixeta de Castro (linkedin.com/in/pedrocaixetac) for reporting this issue.

2014-02-14 discussionskorea.apple.com/people

A cross-site scripting issue was addressed. We would like to acknowledge Ali Hassan Ghori of AHPT, Babar Khan Akhunzada of AHPT, Ehraz Ahmed (@tweetehrazahmed), Umraz Ahmed (@umrazahmed), and Charaf Anons (@CharafAnons) for reporting this issue.

2014-02-13 consultants.apple.com

An insecure cookie issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon14) of SCET for reporting this issue.

2014-02-12 consultants.apple.com

A clickjacking issue was addressed. We would like to acknowledge Jigar Thakkar (@jigarthakkar39) of infobittechnologies.com and Nitin Goplani of Aujas Networks for reporting this issue.

2014-02-12 identity.apple.com

An XML external entity issue was addressed. We would like to acknowledge Nassim Abbaoui (@MetalnaS) for reporting this issue.

2014-02-11 hopstop.com

A cross-site scripting issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon14) of SCET for reporting this issue.

2014-02-10 hopstop.com

A cross-site scripting issue was addressed. We would like to acknowledge Indrajith AN and KD Divakar for reporting this issue.

2014-02-08 aoschat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC (xss.cx) for reporting this issue.

2014-02-08 aoschat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Vaibhuv Sharma (facebook.com/vaibhuv.sharma) of Pc-S3curity (pc-s3curity.com/), Vansh Sharma (facebook.com/vanshsharma95) of Pc-S3curity (pc-s3curity.com/), Evan Ricafort of evanricafort.com, and kminthant (@psxchotic) for reporting this issue.

2014-02-03 info.apple.com

An HTTP header injection issue was addressed. We would like to acknowledge Ishan Anand (Zero-Access, facebook.com/zero.access999) for reporting this issue.

2014-02-03 trailers.apple.com

An SQL injection issue was addressed. We would like to acknowledge Andrei Neculaesei (algorithm.dk) for reporting this issue.

2014-02-03 topsy.com

An Apache configuration issue was addressed. We would like to acknowledge Waqeeh Ul Hasan of SOftProweb (softproweb.blogspot.com/) for reporting this issue.

2014-01-29 hopstop.com

A cross-site scripting issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon14) of SCET for reporting this issue.

2014-01-27 discussionskorea.apple.com

An out-of-date software issue was addressed. We would like to acknowledge Muhammad Shahmeer of Maads Security and UIT for reporting this issue.

2014-01-27 volume.itunes.apple.com

A clickjacking issue was addressed. We would like to acknowledge Chandroliya Ravi Ghanashyam bhai (@ChandroliyaRavi) for reporting this issue.

2014-01-27 discussions.apple.com

A stored cross-site scripting issue was addressed. We would like to acknowledge Enguerran Gillier of OpnSec.com for reporting this issue.

2014-01-23 topsy.com

A cross-site scripting issue was addressed. We would like to acknowledge Jacob Soo (@Gunther_AR) of ARTeam for reporting this issue.

2014-01-15 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Juan Broullón Sampedro of Grampus Team, J Muhammed Gazzaly - @gazly (gazzaly.info), David Eusebius Georgian (facebook.com/eusebiu.david.16), and Charaf Anons (@CharafAnons) for reporting this issue.

2014-01-14 airprint.apple.com

An Apache configuration issue was addressed. We would like to acknowledge Simone Memoli (Simon90_Italy) of Toxic Security Team for reporting this issue.

2014-01-13 plus.topsy.com

Reflected cross-site scripting issues were addressed. We would like to acknowledge Koutrouss Naddara (facebook.com/superbade) for reporting these issues.

2014-01-09 lists.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Thomas Bartelmess of Marketcircle and Aaron Golding Brager (@getaaron) for reporting this issue.

2014-01-07 training.apple.com/schedule/aperture101

A cross-site scripting issue was addressed. We would like to acknowledge Shubham Upadhyay (@CyberShubhaM) of Advanced TechDefence, Simon Claudiu of Liceul Teoretic Bogdan Voda, and Sandeep Singh Rehal for reporting this issue.

2014-01-06 consultants.apple.com

A blind SQL injection issue was addressed. We would like to acknowledge Burak Bakir (@pr3d1c7) of burakb.net for reporting this issue.

2013-12-20 register.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kirill Ermakov of Positive Technologies, Connor Spicer (linkedin.com/pub/connor-spicer/75/475/1b4), and E. Sanchez for reporting this issue.

2013-12-19 clearmater.apple.com

An insecure cookie issue was addressed. We would like to acknowledge Hassan El Hadary (linkedin.com/pub/hassan-el-hadary/20/4ab/53b) for reporting this issue.

2013-12-18 icloud.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak) for reporting this issue.

2013-12-18 itunespulse.com

A cross-site scripting issue was addressed. We would like to acknowledge Muhammad Talha Khan (facebook.com/MTK911) for reporting this issue.

2013-12-18 volume.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-12-18 iforgot.apple.com

An insecure cookie issue was addressed. We would like to acknowledge Shubham Raj (@xceptioncode) and Vedachala (@vedachalaka) for reporting this issue.

2013-12-16 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge E. Sanchez for reporting this issue.

2013-12-13 icloud.com

An SSL configuration issue was addressed. We would like to acknowledge Kamil Sevi (@kamilsevi) for reporting this issue.

2013-12-12 vpp.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ishan Anand (www.facebook.com/zero.access999) for reporting this issue.

2013-12-04 linkmaker.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge John Campbell of Yabla, Inc. for reporting this issue.

2013-11-24 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Andrei Neculaesei (algorithm.dk) for reporting this issue.

2013-11-21 airprint.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Shyam Jordan of Hicube Infosec Pvt.Ltd. for reporting this issue.

2013-11-20 supportform.apple.com

A server configuration issue was addressed. We would like to acknowledge Axel Schneider (facebook.com/axel.schneider.948) for reporting this issue.

2013-11-20 volume.itunes.apple.com

A credential handling issue was addressed. We would like to acknowledge Steven Harwood of the Corona Norco Unified School District for reporting this issue.

2013-11-10 info.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Alexandr Drozdov (linkedin.com/pub/alexandr-drozdov/59/a2/b79) for reporting this issue.

2013-11-05 consultants.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak) for reporting this issue.

2013-11-04 mfi.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak) for reporting this issue.

2013-11-04 gsp4-cn.ls.apple.com

A source code disclosure issue was addressed. We would like to acknowledge Andrew Pouliot of Facebook for reporting this issue.

2013-10-31 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Olivier Beg of olivierbeg.nl for reporting this issue.

2013-10-25 appleid.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2013-10-25 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Narendra Bhati (R00t Sh3ll The Untraceable) of Cyber Octet Pvt.Ltd for reporting this issue.

2013-10-22 icloud.com/keynote, icloud.com/pages, icloud.com/numbers

A cross-site scripting issue was addressed. We would like to acknowledge Gokmen GURESCI (gokmenguresci.com) for reporting this issue.

2013-10-21 appleid.apple.com

An insufficient authentication issue was addressed. We would like to acknowledge JATIN JAIN for reporting this issue.

2013-10-15 cctechchatwebapi.apple.com

A server configuration issue was addressed. We would like to acknowledge Axel Schneider (facebook.com/axel.schneider.948) for reporting this issue.

2013-10-14 expresslane.apple.com

Multiple cross-site scripting issues were addressed. We would like to acknowledge Ebrahim Hegazy (@Zigoo0) from Qcert.org, Oliver Gruskovnjak of Portcullis, Inc. (portcullis-security.com), Dylan E. Meador (@DylanMeador), Nikhil Srivastava (facebook.com/nik0spy) and Javid Hussain (twitter.com/javidhussain21) from TechDefence, Sergiu Dragos Bogdan, and David Hoyt of Hoyt LLC (xss.cx) for reporting these issues.

2013-10-13 getsupport.apple.com

A clickjacking issue was addressed. We would like to acknowledge Jayvardhan Singh (twitter.com/Silent_Screamr) for reporting this issue.

2013-10-11 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2013-10-11 myaccess.apple.com

A TLS renegotiation issue was addressed. We would like to acknowledge Tushar Rajhans Kumbhare (@tush2388) for reporting this issue.

2013-10-11 apple.com

A Flash cross-domain policy issue was addressed. We would like to acknowledge Abhinav Sejpal (@Abhinav_Sejpal) of PASS Technologies (pass.ch) for reporting this issue.

2013-10-09 consultants-locator.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak) for reporting this issue.

2013-10-08 mfi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge k T Ram Ganesh for reporting this issue.

2013-10-04 17.178.96.59

An SSL configuration issue was addressed. We would like to acknowledge Gena Makhomed of ideil.com for reporting this issue.

2013-10-03 jobs.apple.com

An information disclosure issue was addressed. We would like to acknowledge Kyle Brogle for reporting this issue.

2013-09-25 expresslane.apple.com, selfsolve.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Ali Hasan Ghauri | AHPT, Kamil Sevi (@kamilsevi), and Vikas Chopalli (@vikas115m) for reporting this issue.

2013-09-24 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sahil Sehgal (breakingmesh.blogspot.com) for reporting this issue.

2013-09-20 daw.apple.com

A clickjacking issue was addressed. We would like to acknowledge Jigar Thakkar (@jigarthakkar39) of infobittechnologies.com, Ravikumar R. Paghdal (@_RaviRamesh) of the Shrimad Rajchandra Institute of Management and Computer Application, Vedachala (twitter.com/vedachalaka), Chandroliya Ravi Ghanashyam bhai (@ChandroliyaRavi), Sahil Dhar (facebook.com/dhar66), and Pralhad Chaskar of NII Consulting (@c0d3xpl0it) for reporting this issue.

2013-09-20 aatcportal.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Abhinav Karnawat of w4rri0r.com for reporting this issue.

2013-09-19 education.apple.com

A lack of encryption was addressed. We would like to acknowledge Vasudeva of Net-square solutions Pvt. ltd. for reporting this issue.

2013-09-19 ade.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak), India for reporting this issue.

2013-09-18 discussions.apple.com

An information disclosure issue was addressed. We would like to acknowledge Enguerran Gillier of OpnSec.com for reporting this issue.

2013-09-03 selfsolve.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2013-08-30 locationary.com

A clickjacking issue was addressed. We would like to acknowledge Manish Bhattacharya of Shobhit University for reporting this issue.

2013-08-30 bugreport.apple.com

A clickjacking issue was addressed. We would like to acknowledge Sahil Dhar (facebook.com/dhar66) for reporting this issue.

2013-08-30 bugreport.apple.com

An information disclosure issue was addressed. We would like to acknowledge Amy Worrall for reporting this issue.

2013-08-26 aatcportal.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Christy Philip Mathew - Offcon Info Security for reporting this issue.

2013-08-22 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jorge García Pérez (@jorgegarccia) for reporting this issue.

2013-08-20 discussions.apple.com

A clickjacking issue was addressed. We would like to acknowledge Manish Bhattacharya of manishbhattacharya.com and Ravikumar R. Paghdal (@_RaviRamesh) of the Shrimad Rajchandra Institute of Management and Computer Application for reporting this issue.

2013-08-20 store.apple.com

Cross-site scripting issues were addressed. We would like to acknowledge Jorge Luis Alvarez Medina, Ahmed Aboul-Ela (@_SecGeek) of Starware, and David Hoyt of Hoyt LLC Research for reporting these issues.

2013-08-15 offdig-ssl.ls.apple.com

A server configuration issue was addressed. We would like to acknowledge Osanda Malith Jayathissa (@OsandaMalith) for reporting this issue.

2013-08-15 developer.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Bluebox Security (bluebox.com) for reporting this issue.

2013-08-15 discussions.apple.com

A server configuration issue was addressed. We would like to acknowledge Deepankar Arora (@sec403) and Nipun Jaswal (@nipunjaswal) of StartHack.com for reporting this issue.

2013-08-15 onetoone.apple.com

A mixed-content issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-08-14 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Saqib Kamran (saqibkamran.com) for reporting this issue.

2013-08-13 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Nikhil.P.Kulkarni (@nikchillz) of M.S.Ramaiah Institute of Technology for reporting this issue.

2013-08-13 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Evgeniy Tolmachev (@c3retc3) of Positive Research Lab for reporting this issue.

2013-08-09 devforums.apple.com

A mixed-content issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-08-05 acn-members.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ucha Gobejishvili (twitter.com/longrifle0x) for reporting this issue.

2013-08-05 acn-members.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak), India for reporting this issue.

2013-08-05 acn-members.apple.com

A credential issue was addressed. We would like to acknowledge Mohamed Osman Saeed From Vision Valley Company (linkedin.com/pub/mohammed-saeed/40/887/84) for reporting this issue.

2013-08-01 supportprofile.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Diamant Osmani for reporting this issue.

2013-08-01 iforgot.apple.com

An HTTP header injection issue was addressed. We would like to acknowledge Ebrahim Hegazy (@Zigoo0) from Qcert.org for reporting this issue.

2013-07-29 iCloud.com/mail

A stored cross-site scripting issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting this issue.

2013-07-29 icloud.com

An application logic issue was addressed. We would like to acknowledge John Santoleri of StoneWork Capital LLC for reporting this issue.

2013-07-25 developer.apple.com

A stored cross-site scripting issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting this issue.

2013-07-25 itunesconnect.apple.com

Nine stored cross-site scripting issues were addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting these issues.

2013-07-23 info.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2013-07-23 iCloud.com/calendar

A stored cross-site scripting issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting this issue.

2013-07-22 iadworkbench.apple.com

An information disclosure issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting this issue.

2013-07-19 icloud.com/calendar

A cross-site scripting issue was addressed. We would like to acknowledge Gokmen GURESCI (gokmenguresci.com) for reporting this issue.

2013-07-18 developer.apple.com

A remote code execution issue was addressed. We would like to acknowledge 7dscan.com, and SCANV of knownsec.com for reporting this issue.

2013-07-18 expresslane.apple.com

A remote code execution issue was addressed. We would like to acknowledge 7dscan.com for reporting this issue.

2013-07-18 consultants.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Olivier Beg of olivierbeg.nl and Yorrick Hardeman of Fanorg.net for reporting this issue.

2013-07-18 acn-members.apple.com

A directory traversal issue was addressed. We would like to acknowledge Mohamed Osman Saeed of Vision Valley Company (linkedin.com/pub/mohammed-saeed/40/887/84) for reporting this issue.

2013-07-18 acn-members.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Mohamed Osman Saeed of Vision Valley Company (linkedin.com/pub/mohammed-saeed/40/887/84) for reporting this issue.

2013-07-17 buyiphone.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2013-07-17 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nikhil Srivastava (facebook.com/nik0spy) and Javid Hussain (@javidhussain21) from TechDefence for reporting this issue.

2013-07-14 support.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Roy Castillo (roy-castillo.com) of Informatics Computer Institute - Cebu, Philippines, and Paweł Hałdrzyński for reporting this issue.

2013-06-27 devforums.apple.com

An information disclosure issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-06-27 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Narendra Bhati (R00t Sh3ll The Untraceable) of Cyber Octet Pvt.Ltd for reporting this issue.

2013-06-24 idmsa.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Timo Lins for reporting this issue.

2013-06-24 store.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Stefan Schurtz of darksecurity.de, David Hoyt of Hoyt LLC Research, Pobereznicenco Dan of rstforums.com, and Danalachi Sergiu for reporting this issue.

2013-06-23 service.info.apple.com

An access control issue was addressed. We would like to acknowledge Adrián Condes for reporting this issue.

2013-06-17 cctechchatwebapi.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Sebastian Neef & Tim Schäfers of (internetwache.org) for reporting this issue.

2013-06-16 supportform.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bradley Johnson (about.me/bradley_johnson) and E. Sanchez for reporting this issue.

2013-06-13 abs.apple.com, csat.apple.com

A remote code execution issue was addressed. We would like to acknowledge Secbeta (t.qq.com/injecting) of WooYun.org for reporting this issue.

2013-06-12 support.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Florin, Jeison Maldonado, Rubén Díaz Alonso (@outime) of Rubutek, J. Francisco Bolívar of (linkedin.com/in/jfbolivar), Yasir Altaf Zargar of madleets.com, Mike Czumak of securitysift.com, Ajinkya Patil (@5nak3Eyes) of Avsecurity.in, Dragos Scarlatescu of the Romanian Security Team, Horatau Marius & Darius Petrescu of Romanian Security Team (rstforums.com), Dawid Bałut, Tarek Siddiki of Team Haxorsistz, Greg Wroblewski of Microsoft and MSVR, Umer Shakil of (twitter.com/umer_djzz), and Danish Tariq, Noman Ramzan and Ali hassan for reporting this issue.

2013-06-11 discussionskorea.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén from Detectify, and Danijel Maksimović (Brčko Distrikt, @maxon3) for reporting this issue.

2013-06-11 expresslane.apple.com

Multiple cross-site scripting issues were addressed. We would like to acknowledge Martin Hall of Microsoft, Ahmad Ashraff (@yappare), Nikhil Srivastava (facebook.com/nik0spy) and Javid Hussain (twitter.com/javidhussain21) from TechDefence, and Mohamed Ramadan of Attack-Secure.com for reporting these issues.

2013-06-05 developer.apple.com

A frame injection issue was addressed. We would like to acknowledge Yosuke Hasegawa of NetAgent Co., Ltd for reporting this issue.

2013-06-02 ara.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Vikas Chopalli and Naresh Chattala, Prasanna Mestha (facebook.com/djprasan) and Abhibandhu Kafle (facebook.com/bipin.kafle.10), Frederik Oddershede Markor of Surfshark, Damien Bancal of zataz.com, Monendra Sahu (twitter.com/mohitnitrr), Salvatore Menna Ancy, Mr. Mayank Bhatodra (facebook.com/iamyourfri3nd) and Anand Sundar Tiwari of (anandtiwarics.blogspot.in) for reporting this issue.

2013-06-02 ara.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prasanna Mestha of Security Ghost Team (facebook.com/djprasan), Monendra Sahu (twitter.com/mohitnitrr), Mr. Mayank Bhatodra (facebook.com/iamyourfri3nd) and Sahil Sehgal for reporting this issue.

2013-06-02 ara.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Vikas Chopalli and Naresh Chattala for reporting this issue.

2013-05-30 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge REBIAI Ali Zinédine (twitter.com/z_reb) for reporting this issue.

2013-05-14 developer.apple.com

A server configuration issue was addressed. We would like to acknowledge Darius Petrescu (@akkiliON_) of Romanian Security Team for reporting this issue.

2013-05-13 support.apple.com

A clickjacking issue was addressed. We would like to acknowledge Javid Hussain (@javidhussain21) and Somana Syam Kumar for reporting this issue.

2013-05-13 support.apple.com

An HTTP header injection issue was addressed. We would like to acknowledge Yosuke Hasegawa of NetAgent Co., Ltd for reporting this issue.

2013-05-04 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge André Ferreira (From Leiria / ESDS) "White Hat Hacker" for reporting this issue.

2013-05-03 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Issam Rabhi (sites.google.com/site/issrabhi/) for reporting this issue.

2013-05-03 manuals.info.apple.com

An SQL injection issue was addressed. We would like to acknowledge Adrian Ivascu for reporting this issue.

2013-05-02 developer.apple.com

An information disclosure issue was addressed. We would like to acknowledge Griffin Francis and Nidhish Dave of BVCOE for reporting this issue.

2013-04-30 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Aditya Balapure (in.linkedin.com/in/adityabalapure/) for reporting this issue.

2013-04-30 itunes.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Richard Moulinneuf (portfolio.r-moulinneuf.fr) from ENI (École Nantaise en Informatique), Yngve N. Pettersen of Opera Software ASA, Sandeep Singh Rehal (facebook.com/lulzMmax), and Akash Jain (@jain_ak) for reporting this issue.

2013-04-29 apple.com

A mixed-content issue was addressed. We would like to acknowledge Russell Sullivan for reporting this issue.

2013-04-24 qtdevseed.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ermakov Kirill of Positive Technologies for reporting this issue.

2013-04-23 investors.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge John at tghc.co - @n0x00 for reporting this issue.

2013-04-22 discussionsjapan.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Ali Hasan Ghauri - AHPT for reporting this issue.

2013-04-19 store.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Camilo Galdos AkA Dedalo of Open-Sec, Malte Batram of batr.am, hip of insight-labs.org, and Wong Chieh Yie (@wcypierrenet) for reporting this issue.

2013-04-12 itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2013-04-12 rtc.euro.apple.com

A server configuration issue was addressed. We would like to acknowledge devesh bhatt (#deveshbhatt11) for reporting this issue.

2013-04-11 discussionschinese.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2013-04-11 canadaapp.apple.com

A remote code execution issue was addressed. We would like to acknowledge Andrey Medov of Positive Technologies for reporting this issue.

2013-04-11 ssl.apple.com

A server configuration issue was addressed. We would like to acknowledge Sunil Dadhich (@Sunil_Dadhich7) for reporting this issue.

2013-04-10 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Christian Lopez Martin (phr0nak) from insertco.in for reporting this issue.

2013-04-08 discussions.apple.com

A mixed-content issue was addressed. We would like to acknowledge Jack "fin1te" W of fin1te.net for reporting this issue.

2013-04-03 swscan.apple.com

An SSL renegotiation issue was addressed. We would like to acknowledge Jeff Jarmoc (@jjarmoc) for reporting this issue.

2013-04-03 madeforipodandiphone.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Rishal Dwivedi (रिशाल द्विवेदी) and Manjot Singh (मनजोत सिंह) for reporting this issue.

2013-04-02 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@kamilsevi) for reporting this issue.

2013-03-30 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bilal K of ZentrixPlus.net and Gerardo Salazar of openwiresec.com for reporting this issue.

2013-03-22 iforgot.apple.com

A password reset issue was addressed. We would like to acknowledge Vaibhav Khatke of Syntel inc for reporting this issue.

2013-03-22 consultants-locator.apple.com

An out-of-date software issue was addressed. We would like to acknowledge Mayur Lohite of mayurlohite.blogspot.in for reporting this issue.

2013-03-21 help.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2013-03-19 iphone-wu.apple.com

An XML external entity processing issue was addressed. We would like to acknowledge Artem Chaykin of Positive Technologies for reporting this issue.

2013-03-15 webclass.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sergey Bobrov of Positive Research (ptsecurity.com/research/advisory/) and Vikas Chopalli for reporting this issue.

2013-03-15 genifp.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and E Sanchez for reporting this issue.

2013-03-14 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tushar Rajhans Kumbhare of defencely.com for reporting this issue.

2013-03-13 education.apple.com

A cross-site scripting issue and an SQL injection issue were addressed. We would like to acknowledge Vasudeva of Net-square solutions Pvt. ltd. for reporting these issues.

2013-03-12 myinfo.apple.com

A TLS renegotiation issue was addressed. We would like to acknowledge Yngve N. Pettersen of Opera Software ASA for reporting this issue.

2013-03-06 ade.apple.com

A site misconfiguration issue was addressed. We would like to acknowledge Tushar Rajhans Kumbhare of defencely.com for reporting this issue.

2013-03-05 evaluatemacs.apple.com

An information disclosure issue was addressed. We would like to acknowledge Malte Batram of batr.am for reporting this issue.

2013-03-04 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Milan Bačkonja for reporting this issue.

2013-03-04 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Dmitriy Serebryannikov (@dsrbr) of Positive Technologies, Siddhesh Gawde (facebook.com/pen3t3r) and Fabián Cuchietti (ar.linkedin.com/in/fabiancuchietti/) for reporting this issue.

2013-02-28 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ahmed Mohamed Hassan Aboul-Ela of Starware for reporting this issue.

2013-02-27 iforgot.apple.com

A password reset issue was addressed. We would like to acknowledge ankit bharathan (lonely-hacker) for reporting this issue.

2013-02-16 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Fernando Muñoz from nullgroup.com for reporting this issue.

2013-02-15 developer.apple.com

An HTTPS configuration issue was addressed. We would like to acknowledge Nikhil.P.Kulkarni (@nikchillz) of Break The Security team for reporting this issue.

2013-02-15 volume.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Yuji Kosuga for reporting this issue.

2013-02-12 appleid.apple.com

Security questions no longer autocomplete. We would like to acknowledge JATIN JAIN for suggesting this enhancement.

2013-02-11 apple.com/support/security/pgp

A mixed-content issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-02-11 concierge.apple.com

A mixed-content issue was addressed. We would like to acknowledge Ari Rubinstein for reporting this issue.

2013-02-11 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohamed Ramadan from Attack-Secure.com for reporting this issue.

2013-02-11 aatcportal.apple.com

An information disclosure issue was addressed. We would like to acknowledge Christy Philip Mathew of Zimperium, Inc for reporting this issue.

2013-02-08 rugby.apple.com

A file-existence disclosure issue was addressed. We would like to acknowledge Chema Alonso and José Miguel Soriano of Informatica64.com for reporting this issue.

2013-02-07 consultants.apple.com

An SQL injection issue was addressed. We would like to acknowledge Evgeny Ermakov (@crw__) of Positive Technologies for reporting this issue.

2013-02-05 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Fernando Muñoz Sánchez from Null Group nullgroup.com/ for reporting this issue.

2013-02-04 consultants.apple.com

An information disclosure issue was addressed. We would like to acknowledge Malte Batram of batr.am for reporting this issue.

2013-01-31 trailers.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Subhash Dasyam, Jinen Patel, and Mukesh Chowdary of hicubes.com for reporting this issue.

2013-01-29 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén from Detectify for reporting this issue.

2013-01-28 deimos.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2013-01-25 developer.apple.com

An open redirect issue was addressed. We would like to acknowledge Christian Seifert of Deutsche Telekom for reporting this issue.

2013-01-25 apple.com

A mixed-content issue was addressed. We would like to acknowledge SiddhartH SolankI of hackforsecurity.com for reporting this issue.

2013-01-23 itunes.apple.com

Active content is now served over HTTPS by default. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs, Elie Bursztein of Google, and Rahul Iyer of Bejoi LLC for reporting this issue.

2013-01-18 daw.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Shubham Mittal of 3ncrypt0r.blogspot.com for reporting this issue.

2013-01-18 developer.apple.com

A mixed-content issue was addressed. We would like to acknowledge David Benjamin of the Massachusetts Institute of Technology and Louis Romero (@Arcank) for reporting this issue.

2013-01-14 consultants.apple.com

An HTTP response splitting issue was addressed. We would like to acknowledge Prakhar Prasad of Security Pulse for reporting this issue.

2013-01-14 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Danijel Maksimović (@MaXoN3) for reporting this issue.

2013-01-14 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mirza Burhan Baig of blackbitz.net for reporting this issue.

2013-01-09 ade.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prakhar Prasad of Security Pulse and National Anti-Hacking Group, and an anonymous researcher for reporting this issue.

2013-01-08 *.apple.com

TLS renegotiation issues were addressed on multiple Apple webservers. We would like to acknowledge Yngve N. Pettersen of Opera Software ASA for reporting these issues.

2013-01-08 edseminars.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Rafay Baloch of rafayhackingarticles.net for reporting this issue.

2013-01-04 canadaedu.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2013-01-04 consultants.apple.com

A source code disclosure issue was addressed. We would like to acknowledge Clint Ruoho of Laconic Security for reporting this issue.

2013-01-03 help.apple.com/ipad

An information disclosure issue was addressed. We would like to acknowledge Pradeep Jairamani (Black_Eagle) and Gurjant Singh (Godhacker_IHOS) for reporting this issue.

2012-12-20 iforgot.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Danijel Maksimović (@MaXon3) for reporting this issue.

2012-12-19 training.apple.com

An out-of-date software issue was addressed. We would like to acknowledge Shubham Mittal of 3ncrypt0r.blogspot.com for reporting this issue.

2012-12-18 ssl.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Adam Ziaja of adamziaja.com for reporting this issue.

2012-12-17 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Vikas Chopalli and Naresh Chattala of gitamite.com, and Roy Castillo (roy-castillo.com) of Informatics Computer Institute - Cebu, Philippines for reporting this issue.

2012-12-17 appleid.apple.com

A session fixation issue was addressed. We would like to acknowledge Ben Brenner for reporting this issue.

2012-12-14 widgets.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@sevikamil), and Atulkumar Hariba Shedage and Ritesh Arunkumar Sarvaiya of defencely.com for reporting this issue.

2012-12-11 daw.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-12-07 ssl.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Emanuel Bronshtein (@e3amn2l) for reporting this issue.

2012-12-06 ax.search.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén of detectify.com for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Thamatam Deepak (Mr.47™) Of V.M.R Polytechnic Warangal, and Mohit Kumar (@unix_root) of The Hacker News for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jatinpreet Singh of AKSIPS (Ajit Karam Singh International Public School, Chandigarh), M.R.Vignesh Kumar (@vigneshkumarmr) and Alok.J.Sudhakar of Team SecurityPrimes, Ajay Singh Negi of iViZ Techno Solutions Pvt. Ltd., and JATIN JAIN and Nikhil Kumar for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohamed Ramadan from Attack-Secure.com, Himanshu Sharma (нα¢кєя) and Advait Joshi (S.V.P.C.E.T.) for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@sevikamil) for reporting this issue.

2012-11-30 itunes.com

A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén of detectify.com for reporting this issue.

2012-11-30 store.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-11-29 canadaedu.apple.com

A potential header injection issue was addressed. We would like to acknowledge Ucha Gobejishvili (twitter.com/longrifle0x), Mayur Lohite of techdeviners.com, Rafay Baloch of rafayhackingarticles.net, Douglas Lourenço (@DouglasLour) of elitewhitehat.com.br, Deepanker Verma of HackingTricks.in, and Prakhar Prasad for reporting this issue.

2012-11-28 developer.apple.com

A server configuration disclosure issue was addressed. We would like to acknowledge Mohamed Ramadan of Attack-Secure.com for reporting this issue.

2012-11-27 enroll.vpp.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Rishal & Manjot, and Harsha Vardhan Boppana for reporting this issue.

2012-11-26 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bozhidar Grujoski of SOU Gimnazija Mirche Acev for reporting this issue.

2012-11-16 ali.apple.com

A server configuration issue was addressed. We would like to acknowledge Julius Kivimäki for reporting this issue.

2012-11-15 origin-discussions-kr.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Ryan Dewhurst of randomstorm.com, and Prakhar Prasad for reporting this issue.

2012-11-14 searchcgi.apple.com

A local file inclusion issue was addressed. We would like to acknowledge Никола Којић (Nikola Kojic) for reporting this issue.

2012-11-08 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Siddhesh Gawde (St. Francis Institute of Technology (SFIT)) and Dylan S. Hailey (@TibitXimer) for reporting this issue.

2012-11-05 chomp.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Spotflux for reporting this issue.

2012-11-02 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Deniz Isik of bursali.eu for reporting this issue.

2012-10-30 support.apple.com

Reflected cross-site scripting issues were addressed. We would like to acknowledge Anupam Bishui of iiserrors.com, and Gerardo Salazar for reporting these issues.

2012-10-28 selfsolve.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Ahmad Ashraff (@yappare) for reporting this issue.

2012-10-25 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Milad Bahari Rad (@Milad_Bahari) for reporting this issue.

2012-10-19 education.apple.com

A server configuration issue was addressed. We would like to acknowledge Douglas Lourenço (@DouglasLour) of elitewhitehat.com.br for reporting this issue.

2012-10-11 rtc.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2012-10-10 id.apple.com

A weak DKIM cryptographic key was replaced. We would like to acknowledge Zach Harris (@DrZacharyHarris) of Ninebark Consulting for reporting this issue.

2012-10-04 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Florian Grunow for reporting this issue.

2012-10-04 trailers.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-10-04 appldnld.apple.com

A header injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-10-04 concierge.apple.com

An SSL configuration error was addressed. We would like to acknowledge Alexander Burke of alexburke.ca for reporting this issue.

2012-10-04 iforgott.apple.com

A URL disclosure issue was addressed. We would like to acknowledge Alessio Ganci of ssep.it for reporting this issue.

2012-10-04 canadaapp.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-10-04 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-10-04 apple.com

A server configuration issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-10-04 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Meir Bank of meirbank.com for reporting this issue.

2012-10-03 developer.apple.com

An iframe injection issue was addressed. We would like to acknowledge Mikko Saario of Nokia Corporation for reporting this issue.

2012-09-25 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@sevikamil) for reporting this issue.

2012-09-25 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Michael Blake for reporting this issue.

2012-09-24 trailers.apple.com

An SQL injection issue was addressed. We would like to acknowledge Dinesh Shetty of Paladion Networks for reporting this issue.

2012-09-20 apple.com/recycling

A reflected cross-site scripting issue was addressed. We would like to acknowledge Jacob Soo of ARTeam (@Gunther_AR) for reporting this issue.

2012-09-19 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Yosuke Hasegawa of NetAgent Co., Ltd and Mario Gomes (@NetFuzzer) for reporting this issue.

2012-09-18 docs.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-09-18 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and [tcpper] for reporting this issue.

2012-09-18 iphone-ld.apple.com

A directory-indexing issue was addressed. We would like to acknowledge Krutarth Shukla & Harsha Vardhan Boppana for reporting this issue.

2012-09-11 acn-members.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-09-11 edseminars.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Siddhesh Gawde of St. Francis Institute of Technology (SFIT) for reporting this issue.

2012-09-07 canadaedu.apple.com

An information disclosure issue was addressed. We would like to acknowledge Mayur Lohite of mayurlohite.blogspot.in for reporting this issue.

2012-08-31 docs.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-08-30 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Ioannis Kapolos of firstplace.gr for reporting this issue.

2012-08-30 crt.apple.com

A directory traversal issue was addressed. We would like to acknowledge Kirill Ermakov of Positive Research (ptsecurity.com/research/advisory/) for reporting this issue.

2012-08-29 docs.info.apple.com

A header injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and Mario Gomes (@NetFuzzer) of netfuzzer.blogspot.com for reporting this issue.

2012-08-28 edseminars.apple.com

An arbitrary code execution issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-08-13 discussionskorea.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2012-08-10 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jaume Llopis of Ka0labs.net for reporting this issue.

2012-08-10 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge João Lucas Melo Brasio of White Hat Hackers Consultoria de Segurança da Informação LTDA (whitehathackers.com.br) for reporting this issue.

2012-08-09 consultants-locator.apple.com

An exposed session identifier issue was addressed. We would like to acknowledge Rishal Dwivedi of Kendriya Vidyalaya & Manjot Singh of Punjab Agriculture University for reporting this issue.

2012-08-09 support.apple.com/kb

An SQL injection issue was addressed. We would like to acknowledge Damien Couturier for reporting this issue.

2012-08-07 discussions.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-07-30 apple.com/promo/rebate

An application logic issue was addressed. We would like to acknowledge Adam Markowitz for reporting this issue.

2012-07-24 auth.me.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-07-24 fderegt.apple.com

A server configuration issue was addressed. We would like to acknowledge Alessio Ganci of ssep.it for reporting this issue.

2012-07-18 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Subho Halder, Isha Bhattacharya, Aditya Gupta and Dev Kar of XYSec Team for reporting this issue.

2012-07-18 promo.euro.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-07-18 iforgot.apple.com

A URL expiration issue was addressed. We would like to acknowledge JATIN JAIN (jatinjain.co.cc) for reporting this issue.

2012-07-17 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge João Lucas Melo Brasio of White Hat Hackers Consultoria de Segurança da Informação LTDA (whitehathackers.com.br) for reporting this issue.

2012-07-09 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Emanuel Bronshtein for reporting this issue.

2012-07-01 icloud.com/calendar

A cross-site scripting issue was addressed. We would like to acknowledge Damien Couturier for reporting this issue.

2012-06-30 auth.me.com

A cross-site scripting issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2012-06-28 swdlp.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-06-25 store.apple.com

An open redirector issue was addressed. We would like to acknowledge Rafael Silva of EstuárioTI for reporting this issue.

2012-06-25 chomp.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Jacob Soo (@Gunther_AR) of ARTeam for reporting this issue.

2012-06-06 canadaedu.apple.com

An SQL injection issue was addressed. We would like to acknowledge Harsha Vardhan Boppana of Vignan University and Saurabh Chandrakant Nemade of PCCOE PUNE for reporting this issue.

2012-05-21 espressoweb.apple.com

A server configuration issue was addressed. We would like to acknowledge Diego Pérez López (@capitantiquela) of El Pilón Security for reporting this issue.

2012-05-21 appledirectory.apple.com

A server configuration issue was addressed. We would like to acknowledge Diego Pérez López (@capitantiquela) of El Pilón Security for reporting this issue.

2012-05-16 lists.apple.com

A persistent cross-site scripting issue and an information disclosure issue were addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting these issues.

2012-05-15 onetoone.apple.com

A mixed-content issue was addressed. We would like to acknowledge Ari Rubenstein for reporting this issue.

2012-05-11 discussions.apple.com

A clickjacking issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-05-11 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Juan Galiana Lara for reporting this issue.

2012-05-03 reseller.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-05-02 mfi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-04-30 support.apple.com/kb

A cross-site scripting issue was addressed. We would like to acknowledge -Divine-, Ucha Gobejishvili (twitter.com/longrifle0x), Christof Porten of tomate-blog.de, Atul Shedage of securitysolution.co.in, Matthew Wong of Spotflux, Vasil Andonov, and Jim Leirvik for reporting this issue.

2012-04-25 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2012-04-14 daw.apple.com

A redirection issue was addressed. We would like to acknowledge João Lucas Melo Brasio of DotFive Labs Desenvolvimento de Softwares LTDA (Brazil) (dotfivelabs.com.br) for reporting this issue.

2012-04-13 eduapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mateusz Goik of AliantSoft for reporting this issue.

2012-04-09 iTunes.apple.com

An insecure cookie issue was addressed. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs for reporting this issue.

2012-04-04 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Freedom of DIY-HACK.com for reporting this issue.

2012-04-04 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Freedom of DIY-HACK.com for reporting this issue.

2012-04-03 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Marc-Etienne M.Léveillé of CISSP Groupies and Edovia for reporting this issue.

2012-03-30 applecaresurvey.apple.com

A server configuration issue was addressed. We would like to acknowledge Hendrik Lowen of MGS Bank (mgs.li) and Laurent Oudot of TEHTRI-Security for reporting this issue.

2012-03-30 search.lists.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-03-30 lists.apple.com

A server configuration issue was addressed. We would like to acknowledge Julius Kivimäki for reporting this issue.

2012-03-30 consultants.apple.com

A file path injection issue was addressed. We would like to acknowledge olivier beg of bitshosting.nl for reporting this issue.

2012-03-29 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Jobert Abma of Online24 for reporting this issue.

2012-03-29 lists.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-03-29 rtc.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-03-29 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2012-03-26 developer.apple.com

A server configuration issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2012-03-26 widgets.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Elvin Hayes Gentiles of Technological University of the Philippines for reporting this issue.

2012-03-22 enroll.vpp.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Pedro Jorge da Silva Batista for reporting this issue.

2012-03-22 consultants.apple.com

A type conversion issue and server configuration issue were addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting these issues.

2012-03-22 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Shadab Siddiqui for reporting this issue.

2012-03-21 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2012-03-19 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mario Gomes (@NetFuzzer) of netfuzzer.blogspot.com for reporting this issue.

2012-03-16 tunes.apple.com

An SQL injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and Till Toenges of Kyon for reporting this issue.

2012-03-14 edseminars.apple.com

An SQL injection issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-03-14 edseminars.apple.com

SQL injection and cross-site scripting issues were addressed. We would like to acknowledge Mohd. Shadab Siddiqui of vulnerability-lab.com for reporting these issues.

2012-03-09 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Spotflux for reporting this issue.

2012-03-05 jiveuat-us.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2012-02-29 icloud.com/contacts

A cross-site scripting issue was addressed. We would like to acknowledge Kyle Osborn of @thekos for reporting this issue.

2012-02-24 iforgot.apple.com

A redirection issue was addressed. We would like to acknowledge Joao Lucas Melo Brasio of White Hat Hackers & DotFive Labs & PUC-Campinas (Brazil) (whitehathackers.com.br), and Himanshu Sharma (нα¢кєя) of s3curity.net for reporting this issue.

2012-02-21 mynews.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-20 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-20 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Alexander Fuchs of vulnerability-lab.com for reporting this issue.

2012-02-15 volume.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-14 apple.com/hk/reseller

A cross-site scripting issue was addressed. We would like to acknowledge alpacahack.com for reporting this issue.

2012-02-12 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Spotflux for reporting this issue.

2012-02-10 apple.com/global

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-06 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sow Ching Shiong of Stratsec for reporting this issue.

2012-02-03 consultants.apple.com

A server misconfiguration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-02-02 genifp.apple.com

A header injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-01 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma (нα¢кєя) of s3curity.net and Pratik KC (phybeя) of phybersecurity.net for reporting this issue.

2012-02-01 promo.euro.apple.com/tellafriend

A cross-site scripting issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia for reporting this issue.

2012-01-26 evaluatemacs.apple.com

A full path disclosure issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2012-01-25 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-01-25 jobs.apple.com

An HTML injection issue was addressed. We would like to acknowledge Daejin Lee from Daeyeon High School, Busan, South Korea for reporting this issue.

2012-01-25 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia and Suleman Ali of the Dunbarton HS in Canada for reporting this issue.

2012-01-24 itunesconnect.apple.com

An application logic issue was addressed. We would like to acknowledge Tim Sawtell from Sawtell Software, Tom Andersen of Spot Documents, Apptividia Co., Ltd, and Jonathan Lint for reporting this issue.

2012-01-17 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2012-01-13 storechat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Brooklyn Technical High School for reporting this issue.

2012-01-13 wdg2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-01-12 wdg2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mario Gomes for reporting this issue.

2012-01-09 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2012-01-09 store.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-01-09 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Marc-Etienne M.Léveillé of CISSP Groupies and Edovia for reporting this issue.

2012-01-09 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2012-01-09 appleseed.apple.com

An access control issue was addressed. We would like to acknowledge Christopher SJ Ong for reporting this issue.

2012-01-06 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma (нα¢кєя) of s3curity.net, Cim Stordal, Belmin Vehabovic, Jose A. Vazquez of spa-s3c.blogspot.com, Keita Haga of keitahaga.com, Olivier Beg of spinozalyceum, and Aditya Gupta, Subho Halder and Dev Kar from KIIT University, India for reporting this issue.

2011-12-21 mfi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2011-12-19 gsxws2ut.apple.com

An information disclosure issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com and Julius Kivimäki for reporting this issue.

2011-12-13 acn-members.apple.com

A credential issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia for reporting this issue.

2011-12-12 canadaapp.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-12-07 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2011-12-06 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2011-12-05 images.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-12-05 ax.search.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs for reporting this issue.

2011-11-17 rss.support.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-11-13 km.support.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-11-08 discussionsjapan.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Koki Nakayasu of Keio University for reporting this issue.

2011-11-01 wdg2.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-28 radarsubmissions.apple.com

An information disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2011-10-27 opensource.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2011-10-26 ade.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-25 edcommunity.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mike Bailey for reporting this issue.

2011-10-25 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research, Abubakr Soliman (@bakrianoo) from Sinai University, and Maheshkumar Darji (facebook.com/myths.tailor) for reporting this issue.

2011-10-25 expresslane.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-10-24 developer.apple.com

A mixed-content issue was addressed. We would like to acknowledge Glenn Tenney of Fantasia Systems Inc. for reporting this issue.

2011-10-21 evaluatemacs.apple.com

A full path disclosure issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2011-10-21 apple.com/tw/reseller

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-10-17 wsidecar.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-14 setup.apple.com

An incorrect URL localization issue was addressed. We would like to acknowledge Dirk Haun for reporting this issue.

2011-10-07 wsidecar.apple.com

An SQL injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-05 reseller.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-30 wsidecar.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-30 reportingitc.apple.com

An SSL configuration issue was addressed. We would like to acknowledge David Dunham of A Sharp, LLC, Ron Avitzur of Pacific Tech Software, and Attila Soki for reporting this issue.

2011-09-28 help.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matias P. Brutti, Sr. Security Consultant at IOActive, Inc for reporting this issue.

2011-09-27 support.apple.com/repairstatus

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-09-27 evaluatemacs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-16 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-09-12 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-12 daw2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-08 storechat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge "some stupid nerd" for reporting this issue.

2011-09-07 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-02 apple.com

A server misconfiguration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2011-08-29 developer.apple.com/search

A cross-site scripting issue was addressed. We would like to acknowledge Rahat Mahbub from Maple Leaf International School, and Cim Stordal for reporting this issue.

2011-08-29 qtdevseed.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-25 backend.media.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-25 backend.media.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki of Cracow University of Technology, Poland for reporting this issue.

2011-08-24 canadaapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-22 apple.com/tellafriend

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-17 itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-15 backend.media.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Damien Couturier for reporting this issue.

2011-08-11 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-10 dzc.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-10 buy.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-09 wsidecar.apple.com

A server configuration issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-05 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-01 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jobert Abma of Online24 for reporting this issue.

2011-07-29 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-22 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge d3v1l for reporting this issue.

2011-07-21 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge d3v1l, and Emanuele Gentili of Tiger Security S.r.l. (tigersecurity.it) for reporting this issue.

2011-07-20 documentation.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-19 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-18 consultants.apple.com/services.php

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-15 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma of the Doon Public School in New Delhi, India for reporting this issue.

2011-07-12 consultants-locator.apple.com

An iFrame and an SQL injection issue were addressed. We would like to acknowledge Idahc for reporting these issues.

2011-07-09 apple.com/retail

An SQL injection issue was addressed. We would like to acknowledge Ben Love for reporting this issue.

2011-07-06 developer.apple.com

An arbitrary redirect issue was addressed. We would like to acknowledge Michiel Prins of Online24 for reporting this issue.

2011-07-06 apple.com/search

An HTML injection issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2011-06-30 connect.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Gautam Kok of Webnuts.nl for reporting this issue.

2011-06-28 developer.apple.com

Arbitrary URL redirect and HTTP response splitting issues were addressed. We would like to acknowledge YGN Ethical Hacker Group (yehg.net) for reporting these issues.

2011-06-28 search.lists.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Drew Hintz of Google Security for reporting this issue.

2011-06-20 developer.apple.com

A path disclosure issue was addressed. We would like to acknowledge Graham Lee of Fuzzy Aliens for reporting this issue.

2011-06-02 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-05-21 iTunes Store and Mac App Store

A password validation issue was addressed in the handling of AOL accounts. We would like to acknowledge Joshua Long of security.thejoshmeister.com for reporting this issue.

2011-05-03 id.apple.com

A server configuration issue was addressed. We would like to acknowledge William LaFrance for reporting this issue.

2011-05-02 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Billy Rios of the Google Security Team for reporting this issue.

2011-04-17 ftp.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Maksymilian Arciemowicz for reporting this issue.

2011-03-09 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 evaluatemacs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 consultants-locator.apple.com

A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 evaluatemacs.apple.com

A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-02-24 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Peter Ellehauge of Yahoo! paranoids for reporting this issue.

2011-02-16 acn-members.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

2011-02-16 consultants.apple.com

An error logging issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2011-01-11 latam.apple.com

A path disclosure issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

2010-12-07 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sami Mrabet for reporting this issue.

2010-11-29 buyiphone.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Securitylab.ir and Nikola Milevski for reporting this issue.

2010-10-04 store.apple.com

store.apple.com was updated to address an issue allowing certain web resources to be loaded over HTTP. We would like to acknowledge Elena POINCET of TEHTRI-Security.com for reporting this issue.

2010-10-04 developer.apple.com

An error logging issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2010-09-29 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ivan Sanchez for reporting this issue.

2010-09-24 channelprograms.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Morten Wold of the HackTalk Security Team for reporting this issue.

2010-08-18 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki of Cracow University of Technology, Poland for reporting this issue.

2010-07-01 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2010-06-17 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Stephane Lunati for reporting this issue.

2010-06-17 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2010-05-18 edcommunity.apple.com, latam.apple.com

Two individual cross-site scripting issues were addressed. We would like to acknowledge IFailStuff of EvilZone.org for reporting these issues.

2009-12-31 hk/en/reseller

An SQL injection issue was addressed. We would like to acknowledge Aditya K Sood of SecNiche Security Labs and Rohit Bansal for reporting this issue.

2009-11-05 me.com/mail

The MobileMe Mail application has been updated to address a cross-site scripting issue and an issue allowing spam messages to trigger requests to third-party web servers. We would like to acknowledge Stephane Lunati from TouchMatter.com for reporting the issues.

2009-10-31 edseminars.apple.com

Cross-site scripting issues were addressed. We would like to acknowledge Damien Couturier for reporting these issues.

2009-10-09 me.com/mail

The MobileMe site has corrected several cross-site scripting issues that could be triggered after an attacker has compromised an account. We would like to acknowledge Haroon Meer of SensePost for reporting these issues.

2009-07-01 idisk.me.com

A directory traversal issue was addressed. We would like to acknowledge Jeremy Richards for reporting this issue.

2009-05-26 alacservice.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mystick for reporting this issue.

2009-04-16 iTunes Store

An HTTP response header splitting issue in the iTunes Store was addressed. We would like to acknowledge Will Drewry for reporting this issue.

2009-01-10 store.apple.com

Two cross-site scripting issues were addressed. We would like to acknowledge Christian Matthies for reporting these issues.

2008-12-11 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-12-04 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-12-04 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-11-06 me.com

Multiple cross-site request forgery and cross-site scripting issues in MobileMe web applications were fixed. We would like to acknowledge Richard Vaneeden, Sr. Security Consultant at IOActive, Inc. and Ilja Van Sprundel, Principal Security Consultant at IOActive, Inc. for reporting the issues.

2008-11-06 discussions.apple.com

A cross-site scripting issue in the Apple Discussions page was fixed. We would like to acknowledge Richard Vaneeden, Sr. Security Consultant at IOActive, Inc. and Ilja Van Sprundel, Principal Security Consultant at IOActive, Inc. for reporting this issue.

2008-10-17 homepage.mac.com

A cross-site scripting issue was addressed. We would like to acknowledge Yoshinori Ohta of Business Architects Inc. for reporting this issue.

2008-07-30 auth.apple.com

An authentication bypass issue in the MobileMe account information page was addressed. Credit to Thomas Pedley of ShALLaX for reporting this issue.

2008-07-11 edcommunity.apple.com

An SQL injection issue was addressed. We would like to acknowledge Nenad Stojanovski and Travis Schack for reporting this issue.

2008-06-09 iTunes Store

An open redirector in the iTunes Store was addressed. We would like to acknowledge Nenad Stojanovski for reporting this issue.

2008-05-16 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mike Zusman of Intrepidus Group for reporting this issue.

2008-04-28 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.

2008-03-31 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.

2007-10-26 iforgot.apple.com/

A cross-site scripting issue was addressed. We would like to acknowledge Waqas Nazir of DigitSEC for reporting the issue.

2007-10-05 support.apple.com/techtooldeluxe/

A cross-site scripting issue was addressed. We would like to acknowledge Kenichi Maehashi of Hosei University for reporting the issue.

2007-09-26 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting the issue.

2007-09-26 edcommunity.apple.com

Two individual cross-site scripting issues were addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.

2007-07-16 Apple Store Locator

An SQL injection issue was corrected in the Apple Store Locator. No customer data is stored on or is handled by the affected database. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.

2007-05-17 jobs.apple.com

A cross-site scripting issue was corrected on jobs.apple.com. We would like to acknowledge Dinis Cruz of Ounce Labs for reporting this issue.

2007-04-30 Apple website

Apple corrected a cross-site scripting issue on searchcgi.apple.com. We would like to acknowledge Nitesh Dhanjani for reporting this issue.

2005-12-14 Developer Connection Website

Apple corrected an issue on the connect.apple.com website that could have caused an email address to be disclosed. We would like to acknowledge Hernan Ochoa for reporting this issue.

2005-10-11 Apple Websites

Apple has corrected two issues related to PHP on the ali.apple.com and education.apple.com websites. No customer data is stored on or is handled by either of these systems. We would like to acknowledge Johannes Fahrenkrug for reporting these issues.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information.
