Apple Web Server notifications

Summary

This article provides credit to people who have reported potential security issues in Apple's web servers.

Products Affected

Mac OS X Server, Product Security

Credits

2012-04-14 daw.apple.com

A redirection issue was addressed. We would like to acknowledge João Lucas Melo Brasio of DotFive Labs Desenvolvimento de Softwares LTDA (Brazil) (dotfivelabs.com.br) for reporting this issue.

2012-04-13 eduapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mateusz Goik for reporting this issue.

2012-04-09 iTunes.apple.com

An insecure cookie issue was addressed. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs for reporting this issue.

2012-04-04 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Freedom of DIY-HACK.com for reporting this issue.

2012-04-04 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Freedom of DIY-HACK.com for reporting this issue.

2012-04-03 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Marc-Etienne M.Léveillé of CISSP Groupies and Edovia for reporting this issue.

2012-03-30 applecaresurvey.apple.com

A server configuration issue was addressed. We would like to acknowledge Hendrik Lowen of MGS Bank (www.mgs.li) and Laurent Oudot of TEHTRI-Security for reporting this issue.

2012-03-30 search.lists.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-03-30 lists.apple.com

A server configuration issue was addressed. We would like to acknowledge Julius Kivimäki for reporting this issue.

2012-03-30 consultants.apple.com

A file path injection issue was addressed. We would like to acknowledge olivier beg of bitshosting.nl for reporting this issue.

2012-03-29 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Jobert Abma of Online24 for reporting this issue.

2012-03-29 lists.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-03-29 rtc.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-03-29 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2012-03-26 developer.apple.com

A server configuration issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2012-03-26 widgets.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Elvin Hayes Gentiles of Technological University of the Philippines for reporting this issue.

2012-03-22 enroll.vpp.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge George G for reporting this issue.

2012-03-22 consultants.apple.com

A type conversion issue and server configuration issue were addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting these issues.

2012-03-22 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Shadab Siddiqui for reporting this issue.

2012-03-19 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mario Gomes (@NetFuzzer) of netfuzzer.blogspot.com for reporting this issue.

2012-03-16 tunes.apple.com

An SQL injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and Till Toenges of Kyon for reporting this issue.

2012-03-14 edseminars.apple.com

An SQL injection issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-03-14 edseminars.apple.com

SQL injection and cross-site scripting issues were addressed. We would like to acknowledge Mohd. Shadab Siddiqui of vulnerability-lab.com for reporting these issues.

2012-03-09 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Brooklyn Technical High School for reporting this issue.

2012-03-05 jiveuat-us.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2012-02-24 iforgot.apple.com

A redirection issue was addressed. We would like to acknowledge Joao Lucas Melo Brasio of White Hat Hackers & DotFive Labs & PUC-Campinas (Brazil) (whitehathackers.com.br), and Himanshu Sharma (нα¢кєя) of s3curity.net for reporting this issue.

2012-02-21 mynews.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-20 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-20 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Alexander Fuchs of vulnerability-lab.com for reporting this issue.

2012-02-15 volume.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-12 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Brooklyn Technical High School for reporting this issue.

2012-02-10 apple.com/global

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-06 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sow Ching Shiong of Stratsec for reporting this issue.

2012-02-03 consultants.apple.com

A server misconfiguration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-02-01 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma (нα¢кєя) of s3curity.net and Pratik KC (phybeя) of phybersecurity.net for reporting this issue.

2012-02-01 promo.euro.apple.com/tellafriend

A cross-site scripting issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia for reporting this issue.

2012-01-26 evaluatemacs.apple.com

A full path disclosure issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2012-01-25 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-01-25 jobs.apple.com

An HTML injection issue was addressed. We would like to acknowledge Daejin Lee from Daeyeon High School, Busan, South Korea for reporting this issue.

2012-01-25 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia and Suleman Ali of the Dunbarton HS in Canada for reporting this issue.

2012-01-24 itunesconnect.apple.com

An application logic issue was addressed. We would like to acknowledge Tim Sawtell from Sawtell Software, Tom Andersen of Spot Documents, Apptividia Co., Ltd, and Jonathan Lint for reporting this issue.

2012-01-17 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2012-01-13 storechat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Brooklyn Technical High School for reporting this issue.

2012-01-13 wdg2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-01-12 wdg2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mario Soufa for reporting this issue.

2012-01-09 store.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-01-09 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Marc-Etienne M.Léveillé of CISSP Groupies and Edovia for reporting this issue.

2012-01-09 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2012-01-09 appleseed.apple.com

An access control issue was addressed. We would like to acknowledge Christopher SJ Ong for reporting this issue.

2012-01-06 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma (нα¢кєя) of www.s3curity.net, Cim Stordal, Belmin Vehabovic, Jose A. Vazquez of spa-s3c.blogspot.com, Keita Haga of keitahaga.com, Olivier Beg of spinozalyceum, and Aditya Gupta, Subho Halder and Dev Kar from KIIT University, India for reporting this issue.

2011-12-21 mfi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2011-12-19 gsxws2ut.apple.com

An information disclosure issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com and Julius Kivimäki for reporting this issue.

2011-12-13 acn-members.apple.com

A credential issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia for reporting this issue.

2011-12-12 canadaapp.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-12-07 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2011-12-06 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2011-12-05 images.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-12-05 ax.search.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs for reporting this issue.

2011-11-17 rss.support.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-11-13 km.support.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-11-08 discussionsjapan.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Koki Nakayasu of Keio University for reporting this issue.

2011-11-01 wdg2.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-28 radarsubmissions.apple.com

An information disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2011-10-27 opensource.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2011-10-26 ade.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-25 edcommunity.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mike Bailey for reporting this issue.

2011-10-25 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-25 expresslane.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-10-24 developer.apple.com

A mixed-content issue was addressed. We would like to acknowledge Glenn Tenney of Fantasia Systems Inc. for reporting this issue.

2011-10-21 evaluatemacs.apple.com

A full path disclosure issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2011-10-21 apple.com/tw/reseller

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-10-17 wsidecar.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-14 setup.apple.com

An incorrect URL localization issue was addressed. We would like to acknowledge Dirk Haun for reporting this issue.

2011-10-07 wsidecar.apple.com

An SQL injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-05 reseller.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-30 wsidecar.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-28 help.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matias P. Brutti, Sr. Security Consultant at IOActive, Inc for reporting this issue.

2011-09-27 support.apple.com/repairstatus

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-09-27 evaluatemacs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-16 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-09-12 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-12 daw2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-08 storechat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge "some stupid nerd" for reporting this issue.

2011-09-07 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-02 apple.com

A server misconfiguration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2011-08-29 developer.apple.com/search

A cross-site scripting issue was addressed. We would like to acknowledge Rahat Mahbub from Maple Leaf International School, and Cim Stordal for reporting this issue.

2011-08-29 qtdevseed.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-25 backend.media.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-25 backend.media.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki of Cracow University of Technology, Poland for reporting this issue.

2011-08-24 canadaapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-22 apple.com/tellafriend

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-11 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-10 dzc.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-10 buy.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-09 wsidecar.apple.com

A server configuration issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-05 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-01 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jobert Abma of Online24 for reporting this issue.

2011-07-29 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-22 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge d3v1l for reporting this issue.

2011-07-21 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge d3v1l, and Emanuele Gentili of Tiger Security S.r.l. (tigersecurity.it) for reporting this issue.

2011-07-20 documentation.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-19 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-18 consultants.apple.com/services.php

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-15 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma of the Doon Public School in New Delhi, India for reporting this issue.

2011-07-12 consultants-locator.apple.com

An iFrame and a SQL injection issue were addressed. We would like to acknowledge Idahc for reporting these issues.

2011-07-09 apple.com/retail

A SQL injection issue was addressed. We would like to acknowledge Ben Love for reporting this issue.

2011-07-06 developer.apple.com

An arbitrary redirect issue was addressed. We would like to acknowledge Michiel Prins of Online24 for reporting this issue.

2011-07-06 apple.com/search

An HTML injection issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2011-06-30 connect.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Gautam Kok of Webnuts.nl for reporting this issue.

2011-06-28 developer.apple.com

Arbitrary URL redirect and HTTP response splitting issues were addressed. We would like to acknowledge YGN Ethical Hacker Group (yehg.net) for reporting these issues.

2011-06-20 developer.apple.com

A path disclosure issue was addressed. We would like to acknowledge Graham Lee of Fuzzy Aliens for reporting this issue.

2011-06-02 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-05-21 iTunes Store and Mac App Store

A password validation issue was addressed in the handling of AOL accounts. We would like to acknowledge Joshua Long of security.thejoshmeister.com for reporting this issue.

2011-05-03 id.apple.com

A server configuration issue was addressed. We would like to acknowledge William LaFrance for reporting this issue.

2011-05-02 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Billy Rios of the Google Security Team for reporting this issue.

2011-04-17 ftp.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Maksymilian Arciemowicz for reporting this issue.

2011-03-09 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 evaluatemacs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 consultants-locator.apple.com

A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 evaluatemacs.apple.com

A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-02-24 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Peter Ellehauge of Yahoo! paranoids for reporting this issue.

2011-02-16 acn-members.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

2011-02-16 consultants.apple.com

An error logging issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2011-01-11 latam.apple.com

A path disclosure issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

2010-12-07 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sami Mrabet for reporting this issue.

2010-10-04 store.apple.com

https://store.apple.com was updated to address an issue allowing certain web resources to be loaded over HTTP. We would like to acknowledge Elena POINCET of TEHTRI-Security.com for reporting this issue.

2010-10-04 developer.apple.com

An error logging issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2010-09-24 channelprograms.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Morten Wold of the HackTalk Security Team for reporting this issue.

2010-08-18 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki of Cracow University of Technology, Poland for reporting this issue.

2010-07-01 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2010-06-17 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Stephane Lunati for reporting this issue.

2010-06-17 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2010-05-18 edcommunity.apple.com, latam.apple.com

Two individual cross-site scripting issues were addressed. We would like to acknowledge IFailStuff of EvilZone.org for reporting these issues.

2009-11-05 me.com/mail

The MobileMe Mail application has been updated to address a cross-site scripting issue and an issue allowing spam messages to trigger requests to third-party web servers. We would like to acknowledge Stephane Lunati from TouchMatter.com for reporting the issues.

2009-10-09 me.com/mail

The MobileMe site has corrected several cross-site scripting issues that could be triggered after an attacker has compromised an account. We would like to acknowledge Haroon Meer of SensePost for reporting these issues.

2009-07-01 idisk.me.com

A directory traversal issue was addressed. We would like to acknowledge Jeremy Richards for reporting this issue.

2009-04-16 iTunes Store

An HTTP response header splitting issue in the iTunes Store was addressed. We would like to acknowledge Will Drewry for reporting this issue.

2009-01-10 store.apple.com

Two cross-site scripting issues were addressed. We would like to acknowledge Christian Matthies for reporting these issues.

2008-12-11 www.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-12-04 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-12-04 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger of MySpace Security Team for reporting this issue.

2008-11-06 me.com

Multiple cross-site request forgery and cross-site scripting issues in MobileMe web applications were fixed. We would like to acknowledge Richard Vaneeden, Sr. Security Consultant at IOActive, Inc. and Ilja Van Sprundel, Principal Security Consultant at IOActive, Inc. for reporting the issues.

2008-11-06 discussions.apple.com

A cross-site scripting issue in the Apple Discussions page was fixed. We would like to acknowledge Richard Vaneeden, Sr. Security Consultant at IOActive, Inc. and Ilja Van Sprundel, Principal Security Consultant at IOActive, Inc. for reporting this issue.

2008-10-17 homepage.mac.com

A cross-site scripting issue was addressed. We would like to acknowledge Yoshinori Ohta of Business Architects Inc. for reporting this issue.

2008-07-30 auth.apple.com

An authentication bypass issue in the MobileMe account information page was addressed. Credit to Thomas Pedley of ShALLaX for reporting this issue.

2008-07-11 edcommunity.apple.com

An SQL injection issue was addressed. We would like to acknowledge Nenad Stojanovski and Travis Schack for reporting this issue.

2008-06-09 iTunes Store

An open redirector in the iTunes Store was addressed. We would like to acknowledge Nenad Stojanovski for reporting this issue.

2008-05-16 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mike Zusman of Intrepidus Group for reporting this issue.

2008-04-28 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.

2008-03-31 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.

2007-10-26 iforgot.apple.com/

A cross-site scripting issue was addressed. We would like to acknowledge Waqas Nazir of DigitSEC for reporting the issue.

2007-10-05 support.apple.com/techtooldeluxe/

A cross-site scripting issue was addressed. We would like to acknowledge Kenichi Maehashi of Hosei University for reporting the issue.

2007-09-26 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting the issue.

2007-09-26 edcommunity.apple.com

Two individual cross-site scripting issues were addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.

2007-07-16 Apple Store Locator

An SQL injection issue was corrected in the Apple Store Locator. No customer data is stored on or is handled by the affected database. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.

2007-05-17 jobs.apple.com

A cross-site scripting issue was corrected on jobs.apple.com. We would like to acknowledge Dinis Cruz of Ounce Labs for reporting this issue.

2007-04-30 Apple website

Apple corrected a cross-site scripting issue on searchcgi.apple.com. We would like to acknowledge Nitesh Dhanjani for reporting this issue.

2005-12-14 Developer Connection Website

Apple corrected an issue on the connect.apple.com website that could have caused an email address to be disclosed. We would like to acknowledge Hernan Ochoa for reporting this issue.

2005-10-11 Apple Websites

Apple has corrected two issues related to PHP on the ali.apple.com and education.apple.com websites. No customer data is stored on or is handled by either of these systems. We would like to acknowledge Johannes Fahrenkrug for reporting these issues.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.