Credits
2011-12-21 mfi.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.
2011-12-19 gsxws2ut.apple.com
An information disclosure issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com and Julius Kivimäki for reporting this issue.
2011-12-13 acn-members.apple.com
A credential issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia for reporting this issue.
2011-12-12 canadaapp.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.
2011-12-07 icloud.com/mail
A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.
2011-12-06 me.com/mail
A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.
2011-12-05 images.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.
2011-12-05 ax.search.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs for reporting this issue.
2011-11-17 rss.support.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-11-13 km.support.apple.com
A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-11-08 discussionsjapan.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Koki Nakayasu of Keio University for reporting this issue.
2011-11-01 wdg2.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-10-28 radarsubmissions.apple.com
An information disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.
2011-10-27 opensource.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.
2011-10-26 ade.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-10-25 edcommunity.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Mike Bailey for reporting this issue.
2011-10-25 expresslane.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research, Abubakr Soliman (@bakrianoo) from Sinai University, and Maheshkumar Darji (facebook.com/myths.tailor) for reporting this issue.
2011-10-25 expresslane.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann ofnilsjuenemann.de for reporting this issue.
2011-10-24 developer.apple.com
A mixed-content issue was addressed. We would like to acknowledge Glenn Tenney of Fantasia Systems Inc. for reporting this issue.
2011-10-21 evaluatemacs.apple.com
A full path disclosure issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.
2011-10-21 apple.com/tw/reseller
A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.
2011-10-17 wsidecar.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-10-14 setup.apple.com
An incorrect URL localization issue was addressed. We would like to acknowledge Dirk Haun for reporting this issue.
2011-10-07 wsidecar.apple.com
An SQL injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-10-05 reseller.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-09-30 wsidecar.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-09-30 reportingitc.apple.com
An SSL configuration issue was addressed. We would like to acknowledge David Dunham of A Sharp, LLC, Ron Avitzur of Pacific Tech Software, and Attila Soki for reporting this issue.
2011-09-28 help.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Matias P. Brutti, Sr. Security Consultant at IOActive, Inc for reporting this issue.
2011-09-27 support.apple.com/repairstatus
A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.
2011-09-27 evaluatemacs.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-09-16 developer.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.
2011-09-12 daw.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-09-12 daw2.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-09-08 storechat.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge "some stupid nerd" for reporting this issue.
2011-09-07 consultants-locator.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-09-02 apple.com
A server misconfiguration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.
2011-08-29 developer.apple.com/search
A cross-site scripting issue was addressed. We would like to acknowledge Rahat Mahbub from Maple Leaf International School, and Cim Stordal for reporting this issue.
2011-08-29 qtdevseed.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.
2011-08-25 backend.media.euro.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.
2011-08-25 backend.media.euro.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki of Cracow University of Technology, Poland for reporting this issue.
2011-08-24 canadaapp.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.
2011-08-22 apple.com/tellafriend
A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.
2011-08-17 itunes.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-08-15 backend.media.euro.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Damien Couturier for reporting this issue.
2011-08-11 developer.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.
2011-08-10 dzc.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-08-10 buy.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-08-09 wsidecar.apple.com
A server configuration issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.
2011-08-05 developer.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-08-01 consultants.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Jobert Abma of Online24 for reporting this issue.
2011-07-29 daw.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-07-22 iforgot.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge d3v1l for reporting this issue.
2011-07-21 consultants.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge d3v1l, and Emanuele Gentili of Tiger Security S.r.l. (tigersecurity.it) for reporting this issue.
2011-07-20 documentation.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-07-19 searchcgi.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-07-18 consultants.apple.com/services.php
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-07-15 consultants.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma of the Doon Public School in New Delhi, India for reporting this issue.
2011-07-12 consultants-locator.apple.com
An iFrame and an SQL injection issue were addressed. We would like to acknowledge Idahc for reporting this issue.
2011-07-09 apple.com/retail
A SQL injection issue was addressed. We would like to acknowledge Ben Love for reporting this issue.
2011-07-06 developer.apple.com
An arbitrary redirect issue was addressed. We would like to acknowledge Michiel Prins of Online24 for reporting this issue.
2011-07-06 apple.com/search
An HTML injection issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.
2011-06-30 connect.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Gautam Kok of Webnuts.nl for reporting this issue.
2011-06-28 developer.apple.com
Arbitrary URL redirect and HTTP response splitting issues were addressed. We would like to acknowledge YGN Ethical Hacker Group (yehg.net) for reporting these issues.
2011-06-28 search.lists.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Drew Hintz of Google Security for reporting this issue.
2011-06-20 developer.apple.com
A path disclosure issue was addressed. We would like to acknowledge Graham Lee of Fuzzy Aliens for reporting this issue.
2011-06-02 itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.
2011-05-21 iTunes Store and Mac App Store
A password validation issue was addressed in the handling of AOL accounts. We would like to acknowledge Joshua Long of security.thejoshmeister.com for reporting this issue.
2011-05-03 id.apple.com
A server configuration issue was addressed. We would like to acknowledge William LaFrance for reporting this issue.
2011-05-02 developer.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Billy Rios of the Google Security Team for reporting this issue.
2011-04-17 ftp.apple.com
A cross-site request forgery issue was addressed. We would like to acknowledge Maksymilian Arciemowicz for reporting this issue.
2011-03-09 consultants-locator.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.
2011-03-09 evaluatemacs.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.
2011-03-09 consultants-locator.apple.com
A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.
2011-03-09 evaluatemacs.apple.com
A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.
2011-02-24 developer.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Peter Ellehauge of Yahoo! paranoids for reporting this issue.
2011-02-16 acn-members.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.
2011-02-16 consultants.apple.com
An error logging issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.
2011-01-11 latam.apple.com
A path disclosure issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.
Web Server notifications by year
For information about Apple Web Server notifications from previous years, see this document: