Apple Web Server notifications

Credits

2013-04-03 madeforipodandiphone.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Rishal Dwivedi (रिशाल द्विवेदी) and Manjot Singh (मनजोत सिंह) for reporting this issue.

2013-03-30 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bilal K of ZentrixPlus.net and Gerardo Salazar of openwiresec.com for reporting this issue.

2013-03-22 iforgot.apple.com

A password reset issue was addressed. We would like to acknowledge Vaibhav Khatke of Syntel inc for reporting this issue.

2013-03-22 consultants-locator.apple.com

An out-of-date software issue was addressed. We would like to acknowledge Mayur Lohite of mayurlohite.blogspot.in for reporting this issue.

2013-03-19 iphone-wu.apple.com

An XML external entity processing issue was addressed. We would like to acknowledge Artem Chaykin of Positive Technologies for reporting this issue.

2013-03-15 genifp.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and E Sanchez for reporting this issue.

2013-03-14 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tushar Rajhans Kumbhare of defencely.com for reporting this issue.

2013-03-12 myinfo.apple.com

A TLS renegotiation issue was addressed. We would like to acknowledge Yngve N. Pettersen of Opera Software ASA for reporting this issue.

2013-03-06 ade.apple.com

A site misconfiguration issue was addressed. We would like to acknowledge Tushar Rajhans Kumbhare of www.defencely.com for reporting this issue.

2013-03-05 evaluatemacs.apple.com

An information disclosure issue was addressed. We would like to acknowledge Malte Batram of batr.am for reporting this issue.

2013-03-04 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Milan Bačkonja for reporting this issue.

2013-03-04 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Dmitriy Serebryannikov (@dsrbr) of Positive Technologies, Siddhesh Gawde (facebook.com/pen3t3r) and Fabián Cuchietti (ar.linkedin.com/in/fabiancuchietti/) for reporting this issue.

2013-02-28 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ahmed Mohamed Hassan Aboul-Ela of Starware for reporting this issue.

2013-02-27 iforgot.apple.com

A password reset issue was addressed. We would like to acknowledge ankit bharathan (lonely-hacker) for reporting this issue.

2013-02-16 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Fernando Muñoz from nullgroup.com for reporting this issue.

2013-02-15 developer.apple.com

An HTTPS configuration issue was addressed. We would like to acknowledge Nikhil.P.Kulkarni (@nikchillz) of Break The Security team for reporting this issue.

2013-02-15 volume.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Yuji Kosuga for reporting this issue.

2013-02-12 appleid.apple.com

Security questions no long autocomplete. We would like to acknowledge JATIN JAIN for suggesting this enhancement.

2013-02-11 apple.com/support/security/pgp

A mixed-content issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-02-11 concierge.apple.com

A mixed-content issue was addressed. We would like to acknowledge Ari Rubinstein for reporting this issue.

2013-02-11 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohamed Ramadan from Attack-Secure.com for reporting this issue.

2013-02-11 aatcportal.apple.com

An information disclosure issue was addressed. We would like to acknowledge Christy Philip Mathew of Offcon Info Security for reporting this issue.

2013-02-08 rugby.apple.com

A file-existence disclosure issue was addressed. We would like to acknowledge Chema Alonso and José Miguel Soriano of Informatica64.com for reporting this issue.

2013-02-07 consultants.apple.com

An SQL injection issue was addressed. We would like to acknowledge Evgeny Ermakov (@crw__) of Positive Technologies for reporting this issue.

2013-02-05 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Fernando Muñoz Sánchez from Null Group nullgroup.com/ for reporting this issue.

2013-02-04 consultants.apple.com

An information disclosure issue was addressed. We would like to acknowledge Malte Batram of batr.am for reporting this issue.

2013-01-31 trailers.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Subhash Dasyam, Jinen Patel, and Mukesh Chowdary of hicubes.com for reporting this issue.

2013-01-29 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén from Detectify for reporting this issue.

2013-01-28 deimos.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2013-01-25 apple.com

A mixed-content issue was addressed. We would like to acknowledge SiddhartH SolankI of hackforsecurity.com for reporting this issue.

2013-01-23 itunes.apple.com

Active content is now served over HTTPS by default. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs, Elie Bursztein of Google, and Rahul Iyer of Bejoi LLC for reporting this issue.

2013-01-18 daw.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Shubham Mittal of 3ncrypt0r.blogspot.com for reporting this issue.

2013-01-18 developer.apple.com

A mixed-content issue was addressed. We would like to acknowledge David Benjamin of the Massachusetts Institute of Technology and Louis Romero (@Arcank) for reporting this issue.

2013-01-14 consultants.apple.com

An HTTP response splitting issue was addressed. We would like to acknowledge Prakhar Prasad of Security Pulse for reporting this issue.

2013-01-14 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Danijel Maksimović (@MaXoN3) for reporting this issue.

2013-01-14 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mirza Burhan Baig of blackbitz.net for reporting this issue.

2013-01-09 ade.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prakhar Prasad of Security Pulse and National Anti-Hacking Group, and Rahul Mali of Willingdon College, Sangli (India) for reporting this issue.

2013-01-08 *.apple.com

TLS renegotiation issues were addressed on multiple Apple webservers. We would like to acknowledge Yngve N. Pettersen of Opera Software ASA for reporting these issues.

2013-01-08 edseminars.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Rafay Baloch of rafayhackingarticles.net for reporting these issues.

2013-01-04 canadaedu.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2013-01-04 consultants.apple.com

A source code disclosure issue was addressed. We would like to acknowledge Clint Ruoho of Laconic Security for reporting this issue.

2013-01-03 help.apple.com/ipad

An information disclosure issue was addressed. We would like to acknowledge Pradeep Jairamani (Black_Eagle) and Gurjant Singh (Godhacker_IHOS) for reporting this issue.

2012-12-20 iforgot.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Danijel Maksimović (@MaXon3) for reporting this issue.

2012-12-19 training.apple.com

An out-of-date software issue was addressed. We would like to acknowledge Shubham Mittal of 3ncrypt0r.blogspot.com for reporting this issue.

2012-12-18 ssl.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Adam Ziaja of adamziaja.com for reporting this issue.

2012-12-17 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Vikas Chopalli and Naresh Chattala of gitamite.com, and Roy Castillo (roy-castillo.com) of Informatics Computer Institute - Cebu, Philippines for reporting this issue.

2012-12-17 appleid.apple.com

A session fixation issue was addressed. We would like to acknowledge Ben Brenner for reporting this issue.

2012-12-14 widgets.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@sevikamil), and Atulkumar Hariba Shedage and Ritesh Arunkumar Sarvaiya of defencely.com for reporting this issue.

2012-12-11 daw.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-12-07 ssl.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Emanuel Bronshtein (@e3amn2l) for reporting this issue.

2012-12-06 ax.search.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén of detectify.com for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Thamatam Deepak (Mr.47™) Of V.M.R Polytechnic Warangal, and Mohit Kumar (@unix_root) of The Hacker News for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jatinpreet Singh of AKSIPS (Ajit Karam Singh International Public School, Chandigarh), M.R.Vignesh Kumar (@vigneshkumarmr) and Alok.J.Sudhakar of Team SecurityPrimes, Ajay Singh Negi of iViZ Techno Solutions Pvt. Ltd., and JATIN JAIN and Nikhil Kumar for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohamed Ramadan from Attack-Secure.com, Himanshu Sharma (нα¢кєя) and Advait Joshi (S.V.P.C.E.T.) for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@sevikamil) for reporting this issue.

2012-11-30 itunes.com

A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén of detectify.com for reporting this issue.

2012-11-30 store.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-11-29 canadaedu.apple.com

A potential header injection issue was addressed. We would like to acknowledge Ucha Gobejishvili (twitter.com/longrifle0x), Mayur Lohite of techdeviners.com, Rafay Baloch of rafayhackingarticles.net, Douglas Lourenço (@DouglasLour) of elitewhitehat.com.br, Deepanker Verma of HackingTricks.in, and Prakhar Prasad for reporting this issue.

2012-11-28 developer.apple.com

A server configuration disclosure issue was addressed. We would like to acknowledge Mohamed Ramadan of Attack-Secure.com for reporting this issue.

2012-11-27 enroll.vpp.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Rishal & Manjot, and Harsha Vardhan Boppana for reporting this issue.

2012-11-26 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bozhidar Grujoski of SOU Gimnazija Mirche Acev for reporting this issue.

2012-11-16 ali.apple.com

A server configuration issue was addressed. We would like to acknowledge Julius Kivimäki for reporting this issue.

2012-11-15 origin-discussions-kr.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Ryan Dewhurst of randomstorm.com, and Prakhar Prasad for reporting this issue.

2012-11-14 searchcgi.apple.com

A local file inclusion issue was addressed. We would like to acknowledge Никола Којић (Nikola Kojic) for reporting this issue.

2012-11-08 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Siddhesh Gawde (St. Francis Institute of Technology (SFIT)) and Dylan S. Hailey (@TibitXimer) for reporting this issue.

2012-11-05 chomp.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Spotflux for reporting this issue.

2012-11-02 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Deniz Isik of bursali.eu for reporting this issue.

2012-10-30 support.apple.com

Reflected cross-site scripting issues were addressed. We would like to acknowledge Anupam Bishui of iiserrors.com, and Gerardo Salazar for reporting these issues.

2012-10-28 selfsolve.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Ahmad Ashraff (@yappare) for reporting this issue.

2012-10-25 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Milad Bahari Rad (@Milad_Bahari) for reporting this issue.

2012-10-19 education.apple.com

A server configuration issue was addressed. We would like to acknowledge Douglas Lourenço (@DouglasLour) of elitewhitehat.com.br for reporting this issue.

2012-10-11 rtc.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2012-10-10 id.apple.com

A weak DKIM cryptographic key was replaced. We would like to acknowledge Zach Harris (@DrZacharyHarris) of Ninebark Consulting for reporting this issue.

2012-10-04 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Florian Grunow for reporting this issue.

2012-10-04 trailers.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-10-04 appldnld.apple.com

A header injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-10-04 concierge.apple.com

An SSL configuration error was addressed. We would like to acknowledge Alexander Burke of alexburke.ca for reporting this issue.

2012-10-04 iforgott.apple.com

A URL disclosure issue was addressed. We would like to acknowledge Alessio Ganci of ssep.it for reporting this issue.

2012-10-04 canadaapp.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-10-04 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-10-04 apple.com

A server configuration issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-10-04 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Meir Bank of meirbank.com for reporting this issue.

2012-10-03 developer.apple.com

An iframe injection issue was addressed. We would like to acknowledge Mikko Saario of Nokia Corporation for reporting this issue.

2012-09-25 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@sevikamil) for reporting this issue.

2012-09-25 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Michael Blake for reporting this issue.

2012-09-24 trailers.apple.com

An SQL injection issue was addressed. We would like to acknowledge Dinesh Shetty of Paladion Networks for reporting this issue.

2012-09-20 apple.com/recycling

A reflected cross-site scripting issue was addressed. We would like to acknowledge Jacob Soo of ARTeam (@Gunther_AR) for reporting this issue.

2012-09-19 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Yosuke Hasegawa of NetAgent Co., Ltd and Mario Gomes (@NetFuzzer) for reporting this issue.

2012-09-18 docs.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-09-18 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and [tcpper] for reporting this issue.

2012-09-18 iphone-ld.apple.com

A directory-indexing issue was addressed. We would like to acknowledge Krutarth Shukla & Harsha Vardhan Boppana for reporting this issue.

2012-09-11 acn-members.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-09-11 edseminars.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Siddhesh Gawde of St. Francis Institute of Technology (SFIT) for reporting this issue.

2012-09-07 canadaedu.apple.com

An information disclosure issue was addressed. We would like to acknowledge Mayur Lohite of mayurlohite.blogspot.in for reporting this issue.

2012-08-31 docs.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-08-30 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Ioannis Kapolos of firstplace.gr for reporting this issue.

2012-08-30 crt.apple.com

A directory traversal issue was addressed. We would like to acknowledge Kirill Ermakov of Positive Research (ptsecurity.com/research/advisory/) for reporting this issue.

2012-08-29 docs.info.apple.com

A header injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and Mario Gomes (@NetFuzzer) of netfuzzer.blogspot.com for reporting this issue.

2012-08-28 edseminars.apple.com

An arbitrary code execution issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-08-13 discussionskorea.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2012-08-10 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jaume Llopis of Ka0labs.net for reporting this issue.

2012-08-10 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge João Lucas Melo Brasio of White Hat Hackers Consultoria de Segurança da Informação LTDA (whitehathackers.com.br) for reporting this issue.

2012-08-09 consultants-locator.apple.com

An exposed session identifier issue was addressed. We would like to acknowledge Rishal Dwivedi of Kendriya Vidyalaya & Manjot Singh of Punjab Agriculture University for reporting this issue.

2012-08-09 support.apple.com/kb

An SQL injection issue was addressed. We would like to acknowledge Damien Couturier for reporting this issue.

2012-07-30 apple.com/promo/rebate

An application logic issue was addressed. We would like to acknowledge Adam Markowitz for reporting this issue.

2012-07-24 auth.me.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-07-24 fderegt.apple.com

A server configuration issue was addressed. We would like to acknowledge Alessio Ganci of ssep.it for reporting this issue.

2012-07-18 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Subho Halder, Isha Bhattacharya, Aditya Gupta and Dev Kar of XYSec Team for reporting this issue.

2012-07-18 promo.euro.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-07-18 iforgot.apple.com

A URL expiration issue was addressed. We would like to acknowledge JATIN JAIN (jatinjain.co.cc) for reporting this issue.

2012-07-17 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge João Lucas Melo Brasio of White Hat Hackers Consultoria de Segurança da Informação LTDA (whitehathackers.com.br) for reporting this issue.

2012-07-09 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Emanuel Bronshtein for reporting this issue.

2012-07-01 icloud.com/calendar

A cross-site scripting issue was addressed. We would like to acknowledge Damien Couturier for reporting this issue.

2012-06-30 auth.me.com

A cross-site scripting issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2012-06-28 swdlp.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-06-25 store.apple.com

An open redirector issue was addressed. We would like to acknowledge Rafael Silva of EstuárioTI for reporting this issue.

2012-06-25 chomp.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Jacob Soo (@Gunther_AR) of ARTeam for reporting this issue.

2012-06-06 canadaedu.apple.com

An SQL injection issue was addressed. We would like to acknowledge Harsha Vardhan Boppana of Vignan University and Saurabh Chandrakant Nemade of PCCOE PUNE for reporting this issue.

2012-05-21 espressoweb.apple.com

A server configuration issue was addressed. We would like to acknowledge Diego Pérez López(@capitantiquela) of El Pilón Security for reporting this issue.

2012-05-21 appledirectory.apple.com

A server configuration issue was addressed. We would like to acknowledge Diego Pérez López(@capitantiquela) of El Pilón Security for reporting this issue.

2012-05-16 lists.apple.com

A persistent cross-site scripting issue and an information disclosure issue were addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting these issues.

2012-05-15 onetoone.apple.com

A mixed-content issue was addressed. We would like to acknowledge Ari Rubenstein for reporting this issue.

2012-05-11 discussions.apple.com

A clickjacking issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-05-11 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Juan Galiana Lara for reporting this issue.

2012-05-03 reseller.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-04-30 support.apple.com/kb

A cross-site scripting issue was addressed. We would like to acknowledge -Divine-, Ucha Gobejishvili (twitter.com/longrifle0x), Christof Porten of tomate-blog.de, Atul Shedage of securitysolution.co.in, Matthew Wong of Spotflux, Vasil Andonov, and Jim Leirvik for reporting this issue.

2012-04-25 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2012-04-14 daw.apple.com

A redirection issue was addressed. We would like to acknowledge João Lucas Melo Brasio of DotFive Labs Desenvolvimento de Softwares LTDA (Brazil) (dotfivelabs.com.br) for reporting this issue.

2012-04-13 eduapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mateusz Goik of AliantSoft for reporting this issue.

2012-04-09 iTunes.apple.com

An insecure cookie issue was addressed. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs for reporting this issue.

2012-04-04 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Freedom of DIY-HACK.com for reporting this issue.

2012-04-04 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Freedom of DIY-HACK.com for reporting this issue.

2012-04-03 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Marc-Etienne M.Léveillé of CISSP Groupies and Edovia for reporting this issue.

2012-03-30 applecaresurvey.apple.com

A server configuration issue was addressed. We would like to acknowledge Hendrik Lowen of MGS Bank (mgs.li) and Laurent Oudot of TEHTRI-Security for reporting this issue.

2012-03-30 search.lists.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-03-30 lists.apple.com

A server configuration issue was addressed. We would like to acknowledge Julius Kivimäki for reporting this issue.

2012-03-30 consultants.apple.com

A file path injection issue was addressed. We would like to acknowledge olivier beg of bitshosting.nl for reporting this issue.

2012-03-29 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Jobert Abma of Online24 for reporting this issue.

2012-03-29 lists.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-03-29 rtc.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-03-29 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2012-03-26 developer.apple.com

A server configuration issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2012-03-26 widgets.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Elvin Hayes Gentiles of Technological University of the Philippines for reporting this issue.

2012-03-22 enroll.vpp.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Pedro Jorge da Silva Batista for reporting this issue.

2012-03-22 consultants.apple.com

A type conversion issue and server configuration issue were addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting these issues.

2012-03-22 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Shadab Siddiqui for reporting this issue.

2012-03-21 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2012-03-19 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mario Gomes (@NetFuzzer) of netfuzzer.blogspot.com for reporting this issue.

2012-03-16 tunes.apple.com

An SQL injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and Till Toenges of Kyon for reporting this issue.

2012-03-14 edseminars.apple.com

An SQL injection issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-03-14 edseminars.apple.com

SQL injection and cross-site scripting issues were addressed. We would like to acknowledge Mohd. Shadab Siddiqui of vulnerability-lab.com for reporting these issues.

2012-03-09 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Spotflux for reporting this issue.

2012-03-05 jiveuat-us.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2012-02-24 iforgot.apple.com

A redirection issue was addressed. We would like to acknowledge Joao Lucas Melo Brasio of White Hat Hackers & DotFive Labs & PUC-Campinas (Brazil) (whitehathackers.com.br), and Himanshu Sharma (нα¢кєя) of s3curity.net for reporting this issue.

2012-02-21 mynews.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-20 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-20 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Alexander Fuchs of vulnerability-lab.com for reporting this issue.

2012-02-15 volume.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-14 apple.com/hk/reseller

A cross-site scripting issue was addressed. We would like to acknowledge alpacahack.com for reporting this issue.

2012-02-12 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Spotflux for reporting this issue.

2012-02-10 apple.com/global

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-06 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sow Ching Shiong of Stratsec for reporting this issue.

2012-02-03 consultants.apple.com

A server misconfiguration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-02-01 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma (нα¢кєя) of s3curity.net and Pratik KC (phybeя) of phybersecurity.net for reporting this issue.

2012-02-01 promo.euro.apple.com/tellafriend

A cross-site scripting issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia for reporting this issue.

2012-01-26 evaluatemacs.apple.com

A full path disclosure issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2012-01-25 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-01-25 jobs.apple.com

An HTML injection issue was addressed. We would like to acknowledge Daejin Lee from Daeyeon High School, Busan, South Korea for reporting this issue.

2012-01-25 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia and Suleman Ali of the Dunbarton HS in Canada for reporting this issue.

2012-01-24 itunesconnect.apple.com

An application logic issue was addressed. We would like to acknowledge Tim Sawtell from Sawtell Software, Tom Andersen of Spot Documents, Apptividia Co., Ltd, and Jonathan Lint for reporting this issue.

2012-01-17 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2012-01-13 storechat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Brooklyn Technical High School for reporting this issue.

2012-01-13 wdg2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-01-12 wdg2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mario Gomes for reporting this issue.

2012-01-09 store.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-01-09 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Marc-Etienne M.Léveillé of CISSP Groupies and Edovia for reporting this issue.

2012-01-09 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2012-01-09 appleseed.apple.com

An access control issue was addressed. We would like to acknowledge Christopher SJ Ong for reporting this issue.

2012-01-06 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma(нα¢кєя) of s3curity.net, Cim Stordal, Belmin Vehabovic, Jose A. Vazquez of spa-s3c.blogspot.com, Keita Haga of keitahaga.com, Olivier Beg of spinozalyceum, and Aditya Gupta, Subho Halder and Dev Kar from KIIT University, India for reporting this issue.

2011-12-21 mfi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2011-12-19 gsxws2ut.apple.com

An information disclosure issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com and Julius Kivimäki for reporting this issue.

2011-12-13 acn-members.apple.com

A credential issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia for reporting this issue.

2011-12-12 canadaapp.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-12-07 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2011-12-06 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2011-12-05 images.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-12-05 ax.search.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs for reporting this issue.

2011-11-17 rss.support.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-11-13 km.support.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-11-08 discussionsjapan.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Koki Nakayasu of Keio University for reporting this issue.

2011-11-01 wdg2.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-28 radarsubmissions.apple.com

An information disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2011-10-27 opensource.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2011-10-26 ade.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-25 edcommunity.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mike Bailey for reporting this issue.

2011-10-25 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-25 expresslane.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann ofnilsjuenemann.de for reporting this issue.

2011-10-24 developer.apple.com

A mixed-content issue was addressed. We would like to acknowledge Glenn Tenney of Fantasia Systems Inc. for reporting this issue.

2011-10-21 evaluatemacs.apple.com

A full path disclosure issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2011-10-21 apple.com/tw/reseller

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-10-17 wsidecar.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-14 setup.apple.com

An incorrect URL localization issue was addressed. We would like to acknowledge Dirk Haun for reporting this issue.

2011-10-07 wsidecar.apple.com

An SQL injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-05 reseller.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-30 wsidecar.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-28 help.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matias P. Brutti, Sr. Security Consultant at IOActive, Inc for reporting this issue.

2011-09-27 support.apple.com/repairstatus

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-09-27 evaluatemacs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-16 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-09-12 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-12 daw2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-08 storechat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge "some stupid nerd" for reporting this issue.

2011-09-07 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-02 apple.com

A server misconfiguration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2011-08-29 developer.apple.com/search

A cross-site scripting issue was addressed. We would like to acknowledge Rahat Mahbub from Maple Leaf International School, and Cim Stordal for reporting this issue.

2011-08-29 qtdevseed.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-25 backend.media.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-25 backend.media.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki of Cracow University of Technology, Poland for reporting this issue.

2011-08-24 canadaapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-22 apple.com/tellafriend

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-11 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-10 dzc.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-10 buy.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-09 wsidecar.apple.com

A server configuration issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-05 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-01 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jobert Abma of Online24 for reporting this issue.

2011-07-29 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-22 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge d3v1l for reporting this issue.

2011-07-21 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge d3v1l, and Emanuele Gentili of Tiger Security S.r.l. (tigersecurity.it) for reporting this issue.

2011-07-20 documentation.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-19 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-18 consultants.apple.com/services.php

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-15 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma of the Doon Public School in New Delhi, India for reporting this issue.

2011-07-12 consultants-locator.apple.com

An iFrame and an SQL injection issue were addressed. We would like to acknowledge Idahc for reporting this issue.

2011-07-09 apple.com/retail

A SQL injection issue was addressed. We would like to acknowledge Ben Love for reporting this issue.

2011-07-06 developer.apple.com

An arbitrary redirect issue was addressed. We would like to acknowledge Michiel Prins of Online24 for reporting this issue.

2011-07-06 apple.com/search

An HTML injection issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2011-06-30 connect.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Gautam Kok of Webnuts.nl for reporting this issue.

2011-06-28 developer.apple.com

Arbitrary URL redirect and HTTP response splitting issues were addressed. We would like to acknowledge YGN Ethical Hacker Group (yehg.net) for reporting these issues.

2011-06-20 developer.apple.com

A path disclosure issue was addressed. We would like to acknowledge Graham Lee of Fuzzy Aliens for reporting this issue.

2011-06-02 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-05-21 iTunes Store and Mac App Store

A password validation issue was addressed in the handling of AOL accounts. We would like to acknowledge Joshua Long of security.thejoshmeister.com for reporting this issue.

2011-05-03 id.apple.com

A server configuration issue was addressed. We would like to acknowledge William LaFrance for reporting this issue.

2011-05-02 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Billy Rios of the Google Security Team for reporting this issue.

2011-04-17 ftp.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Maksymilian Arciemowicz for reporting this issue.

2011-03-09 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 evaluatemacs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 consultants-locator.apple.com

A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 evaluatemacs.apple.com

A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-02-24 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Peter Ellehauge of Yahoo! paranoids for reporting this issue.

2011-02-16 acn-members.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

2011-02-16 consultants.apple.com

An error logging issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2011-01-11 latam.apple.com

A path disclosure issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

2010-12-07 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sami Mrabet for reporting this issue.

2010-10-04 store.apple.com

https://store.apple.com was updated to address an issue allowing certain web resources to be loaded over HTTP. We would like to acknowledge Elena POINCET of TEHTRI-Security.com for reporting this issue.

2010-10-04 developer.apple.com

An error logging issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2010-09-24 channelprograms.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Morten Wold of the HackTalk Security Team for reporting this issue.

2010-08-18 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki of Cracow University of Technology, Poland for reporting this issue.

2010-07-01 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2010-06-17 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Stephane Lunati for reporting this issue.

2010-06-17 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2010-05-18 edcommunity.apple.com, latam.apple.com

Two individual cross-site scripting issues were addressed. We would like to acknowledge IFailStuff of EvilZone.org for reporting this issue.

2009-12-31 hk/en/reseller

An SQL injection issue was addressed. We would like to acknowledge Aditya K Sood of SecNiche Security Labs and Rohit Bansal for reporting this issue.

2009-11-05 me.com/mail

The MobileMe Mail application has been updated to address a cross-site scripting issue and an issue allowing spam messages to trigger requests to third-party web servers. We would like to acknowledge Stephane Lunati from TouchMatter.com for reporting the issues.

2009-10-09 me.com/mail

The MobileMe site has corrected several cross-site scripting issues that could be triggered after an attacker has compromised an account. We would like to acknowledge Haroon Meer of SensePost for reporting this issues.

2009-07-01 idisk.me.com

A directory traversal issue was addressed. We would like to acknowledge Jeremy Richards for reporting this issue.

2009-04-16 iTunes Store

An HTTP response header splitting issue in the iTunes Store was addressed. We would like to acknowledge Will Drewry for reporting this issue.

2009-01-10 store.apple.com

Two cross-site scripting issues were addressed. We would like to acknowledge Christian Matthies for reporting this issue.

2008-12-11 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-12-04 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-12-04 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-11-06 me.com

Multiple cross-site request forgery and cross-site scripting issues in MobileMe web applications were fixed. We would like to acknowledge Richard Vaneeden, Sr. Security Consultant at IOActive, Inc. and Ilja Van Sprundel, Principal Security Consultant at IOActive, Inc. for reporting the issues.

2008-11-06 discussions.apple.com

A cross-site scripting issue in the Apple Discussions page was fixed. We would like to acknowledge Richard Vaneeden, Sr. Security Consultant at IOActive, Inc. and Ilja Van Sprundel, Principal Security Consultant at IOActive, Inc. for reporting this issue.

2008-10-17 homepage.mac.com

A cross-site scripting issue was addressed. We would like to acknowledge Yoshinori Ohta of Business Architects Inc. for reporting this issue.

2008-07-30 auth.apple.com

An authentication bypass issue in the MobileMe account information page was addressed. Credit to Thomas Pedley of ShALLaX for reporting this issue.

2008-07-11 edcommunity.apple.com

An SQL injection issue was addressed. We would like to acknowledge Nenad Stojanovski and Travis Schack for reporting this issue.

2008-06-09 iTunes Store

An open redirector in the iTunes Store was addressed. We would like to acknowledge Nenad Stojanovski for reporting this issue.

2008-05-16 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mike Zusman of Intrepidus Group for reporting this issue.

2008-04-28 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.

2008-03-31 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.

2007-10-26 iforgot.apple.com/

A cross-site scripting issue was addressed. We would like to acknowledge Waqas Nazir of DigitSEC for reporting the issue.

2007-10-05 support.apple.com/techtooldeluxe/

A cross-site scripting issue was addressed. We would like to acknowledge Kenichi Maehashi of Hosei University for reporting the issue.

2007-09-26 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting the issue.

2007-09-26 edcommunity.apple.com

Two individual cross-site scripting issues were addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.

2007-07-16 Apple Store Locator

An SQL injection issue was corrected in the Apple Store Locator. No customer data is stored on or is handled by the affected database. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.

2007-05-17 jobs.apple.com

A cross-site scripting issue was corrected on jobs.apple.com. We would like to acknowledge Dinis Cruz of Ounce Labs for reporting this issue.

2007-04-30 Apple website

Apple corrected a cross-site scripting issue on searchcgi.apple.com. We would like to acknowledge Nitesh Dhanjani for reporting this issue.

2005-12-14 Developer Connection Website

Apple corrected an issue on the connect.apple.com website that could have caused an email address to be disclosed. We would like to acknowledge Hernan Ochoa for reporting this issue.

2005-10-11 Apple Websites

Apple has corrected two issues related to PHP on the ali.apple.com and education.apple.com websites. No customer data is stored on or is handled by either of these systems. We would like to acknowledge Johannes Fahrenkrug for reporting these issues.