Apple Web Server notifications

  • Last Modified: July 02, 2009
  • Article: HT1318
  • Old Article: 302530

Summary

This article provides credit to people who have reported potential security issues in Apple's web servers.

Products Affected

Mac OS X Server, Product Security

Credits

2009-07-01 idisk.me.com

A directory traversal issue was addressed. We would like to acknowledge Jeremy Richards for reporting this issue.

2009-04-16 iTunes Store

An HTTP response header splitting issue in the iTunes Store was addressed. We would like to acknowledge Will Drewry for reporting this issue.

2009-01-10 store.apple.com

Two cross-site scripting issues were addressed. We would like to acknowledge Christian Matthies for reporting these issues.

2008-12-11 www.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-12-04 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-12-04 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-11-06 me.com

Multiple cross-site request forgery and cross-site scripting issues in MobileMe web applications were fixed. We would like to acknowledge Richard Vaneeden, Sr. Security Consultant at IOActive, Inc. and Ilja Van Sprundel, Principal Security Consultant at IOActive, Inc. for reporting the issues.

2008-11-06 discussions.apple.com

A cross-site scripting issue in the Apple Discussions page was fixed. We would like to acknowledge Richard Vaneeden, Sr. Security Consultant at IOActive, Inc. and Ilja Van Sprundel, Principal Security Consultant at IOActive, Inc. for reporting this issue.

2008-07-30 auth.apple.com

An authentication bypass issue in the MobileMe account information page was addressed. We would like to acknowledge Thomas Pedley of ShALLaX for reporting this issue.

2008-07-11 edcommunity.apple.com

An SQL injection issue was addressed. We would like to acknowledge Nenad Stojanovski and Travis Schack for reporting this issue.

2008-06-09 iTunes Store

An open redirector in the iTunes Store was addressed. We would like to acknowledge Nenad Stojanovski for reporting this issue.

2008-05-16 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mike Zusman of Intrepidus Group for reporting this issue.

2008-04-28 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.

2008-03-31 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.

2007-10-26 iforgot.apple.com/

A cross-site scripting issue was addressed. We would like to acknowledge Waqas Nazir of DigitSEC for reporting the issue.

2007-10-05 support.apple.com/techtooldeluxe/

A cross-site scripting issue was addressed. We would like to acknowledge Kenichi Maehashi of Hosei University for reporting the issue.

2007-09-26 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting the issue.

2007-09-26 edcommunity.apple.com

Two individual cross-site scripting issues were addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.

2007-07-16 Apple Store Locator

An SQL injection issue was corrected in the Apple Store Locator. No customer data is stored on or is handled by the affected database. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting this issue.

2007-05-17 jobs.apple.com

A cross-site scripting issue was corrected on jobs.apple.com. We would like to acknowledge Dinis Cruz of Ounce Labs for reporting this issue.

2007-04-30 Apple website

Apple corrected a cross-site scripting issue on searchcgi.apple.com. We would like to acknowledge Nitesh Dhanjani for reporting this issue.

2005-12-14 Developer Connection Website

Apple corrected an issue on the connect.apple.com website that could have caused an email address to be disclosed. We would like to acknowledge Hernan Ochoa for reporting this issue.

2005-10-11 Apple Websites

Apple has recently corrected two issues related to PHP on the ali.apple.com and education.apple.com websites. No customer data is stored on or is handled by either of these systems. We would like to acknowledge Johannes Fahrenkrug for reporting these issues.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.
