Credits
2016-12-20 myaccess.apple.com
A server configuration issue was addressed. We would like to acknowledge Yogesh Anil Tantak (facebook.com/ytantak1) for reporting this issue.
2016-12-20 support.apple.com
A server configuration issue was addressed. We would like to acknowledge Nikhil Kumar (linkedin.com/in/nikhil-kumar-20ba0a24/) of Neogrowth Credit Pvt. Ltd. for reporting this issue.
2016-12-18 challengebasedlearning.org
A cross-site request forgery issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-12-18 challengebasedlearning.org
A cross-site request forgery issue was addressed. We would like to acknowledge Er Pratik Panchal of Infobit Technologies for reporting this issue.
2016-12-18 challengebasedlearning.org
A cross-site scripting issue was addressed. We would like to acknowledge Jon Bottarini (@jon_bottarini), Rui Silva (facebook.com/ruisilvaoficial), Kevin VALERIO (@conslight), Ahmed Abdalla Fathi (facebook.com/mr.alexseve), Max Prietzel, Emil Frits Bengtsson of KHS, and Nadi Abdellah (facebook.com/bloody.fang12) for reporting this issue.
2016-12-13 beatsbydre.com
A server configuration issue was addressed. We would like to acknowledge Mohammed El Bess (facebook.com/halbess) and Mohammad Abuhassan (facebook.com/anonfantom) for reporting this issue.
2016-12-12 appleid.apple.com
A cross-site request forgery issue was addressed. We would like to acknowledge Ramin Farajpour Cami for reporting this issue.
2016-12-08 myaccess.apple.com
A server configuration issue was addressed. We would like to acknowledge Richard Moulinneuf from SafeRail (saferail.fr/en) for reporting this issue.
2016-12-08 myaccess.apple.com
A server configuration issue was addressed. We would like to acknowledge Jon Bottarini (@jon_bottarini) of HackerOne for reporting this issue.
2016-12-08 icloud.com
A cross-site scripting issue was addressed. We would like to acknowledge Greg Harris for reporting this issue.
2016-12-07 store.apple.com
A server configuration issue was addressed. We would like to acknowledge Patrick Schlangen for reporting this issue.
2016-11-29 iadworkbench.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Mustafa Hasan (strukt) for reporting this issue.
2016-11-28 apple.com
A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-11-28 apple.com
A clickjacking issue was addressed. We would like to acknowledge Kameshwar Thakur (securityspecialist.in) and Ramin Farajpour Cami (bugjoo.ir) for reporting this issue.
2016-11-18 icloud.com
A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.
2016-11-15 beatsbydre.com
A cross-site scripting issue was addressed. We would like to acknowledge Mohamed A. Baset of Seekurity.com SAS de C.V. Mexico and an anonymous researcher for reporting this issue.
2016-11-08 apple.com
A server configuration issue was addressed. We would like to acknowledge Manish Bhattacharya of manishbhattacharya.com for reporting this issue.
2016-11-04 opensource.apple.com
A server configuration issue was addressed. We would like to acknowledge Dane Wachs of Ubiquitous Computing LLC and an anonymous researcher for reporting this issue.
2016-11-02 ssl.apple.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-11-02 itunesconnect.apple.com
A server configuration issue was addressed. We would like to acknowledge Juha Suontausta of Telia Company for reporting this issue.
2016-11-02 store.apple.com
A server configuration issue was addressed. We would like to acknowledge Raad Firas Haddad (@raadfhaddad) for reporting this issue.
2016-11-01 support.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Tatsuki Maekawa of Gehirn Inc. for reporting this issue.
2016-10-31 solutions.filemaker.com
A cross site scripting issue was addressed. We would like to acknowledge Nicholas R (linkedin.com/in/Nixholas) for reporting this issue.
2016-10-25 searchads.apple.com
A server configuration issue was addressed. We would like to acknowledge an Gökay Gündoğan (gokaygundogan.com.tr) for reporting this issue.
2016-10-19 applepaysupplies.com
A cross-site request forgery issue was addressed. We would like to acknowledge Djoukhrab Djaber (facebook.com/djrootdz) of Kasdi Merbah Ouargla University for reporting this issue.
2016-10-13 attache.apple.com
A cross site scripting issue was addressed. We would like to acknowledge Tadj Youssouf (facebook.com/oc3f.dz)
2016-10-10 iforgot.apple.com
A server configuration issue was addressed. We would like to acknowledge Mourad Benzine for reporting this issue.
2016-10-05 developer.apple.com
A server configuration issue was addressed. We would like to acknowledge Wai Yan Aung (@waiyanaun9) for reporting this issue.
2016-10-05 procurementportal.apple.com
A server configuration issue was addressed. We would like to acknowledge Eusebiu Blindu (@testalways) for reporting this issue.
2016-10-03 qtdevseed.apple.com
A server configuration issue was addressed. We would like to acknowledge Marco Cazzaniga for reporting this issue.
2016-10-03 qtdevseed.apple.com
A server configuration issue was addressed. We would like to acknowledge @kraken_kall for reporting this issue.
2016-10-03 qtdevseed.apple.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-09-27 getsupport.apple.com
A cross site scripting issue was addressed. We would like to acknowledge Nicolas Francois of MeoW Sec for reporting this issue.
2016-09-23 swdlp.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Rakan Alotaibi (@hxteam) for reporting this issue.
2016-09-22 checkcoverage.apple.com
A cross site scripting issue was addressed. We would like to acknowledge Zee Shan (@z33_5h4n) of hacker1.xyz, Louis Lang (louislang.com), Ivan Danilov (linkedin.com/in/coderast) of IPSERVER LLC, Gerardo Venegas, Edwin Foudil (edwinfoudil.com), Mustafa Hasan of Netsparker, Faizan Ahmad of Fsecurify (fsecurify.com), Orange Tsai from DEVCORE, James262144XD, and Joel Noguera (@niemand_sec) for reporting this issue.
2016-09-14 apple.com
A cross site scripting issue was addressed. We would like to acknowledge Florian Kunushevci (facebook.com/misteriozi.pirat.kwg) for reporting this issue.
2016-09-13 apple.com
A cross site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-09-13 apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Jake Eaton (linkedin.com/in/jake-eaton), Sahil Tikoo of Thakur College, Rahul Dattatraya Kankrale (@RahulKankrale) of servicenger.com, Matthew Telfer (MLT) of Project Insecurity (@ret2libc), and Cameron Dawe of Spam404 (@Spam404Online) for reporting this issue.
2016-09-12 carrierlink.apple.com
A server configuration issue was addressed. We would like to acknowledge HexTitan for reporting this issue.
2016-09-12 identity.appple.com
A server configuration issue was addressed. We would like to acknowledge Michael Stepankin of Positive Technologies (@Artsploit) for reporting this issue.
2016-09-02 presslogin.beatsbydre.com
A server configuration issue was addressed. We would like to acknowledge Kenny Hietbrink (hietbr.ink) of Syntra West for reporting this issue.
2016-08-31 privftp.apple.com
A clickjacking issue was addressed. We would like to acknowledge Mohamed A. Baset of Seekurity.com SAS de C.V. Mexico for reporting this issue.
2016-8-31 apple.com
A server configuration issue was addressed. We would like to acknowledge Faast Team of ElevenPaths.com for reporting this issue.
2016-08-29 filemaker.com
A cross-site scripting issue was addressed. We would like to acknowledge Ayoub Nait Lamine for reporting this issue.
2016-08-25 auth.me.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-08-16 icloud.com
A server configuration issue was addressed. We would like to acknowledge Lucas Toriello (linkedin.com/in/lucastoriello) of ESIEA (C+V)° Laboratory for reporting this issue.
2016-08-16 icloud.com
A server configuration issue was addressed. We would like to acknowledge Alexander Traud of (traud.de) for reporting this issue.
2016-08-10 apple.com
A server configuration issue was addressed. We would like to acknowledge Brooke Schreier Ganz (@Asparagirl) for reporting this issue.
2016-08-09 consultants-locator.apple.com
A server configuration issue was addressed. We would like to acknowledge Abdullah Hussam (ahussam.me) for reporting this issue.
2016-08-08 itunesconnect.apple.com
A server configuration issue was addressed. We would like to acknowledge Simon Maddox and an anonymous researcher for reporting this issue.
2016-07-27 apple.com
A server configuration issue was addressed. We would like to acknowledge Ye Yint Min Thu Htut (YGN Ethical Hacker group yehg.net) and Satyam Rastogi (facebook.com/hackersatyamrastogi) for reporting this issue.
2016-07-26 download.info.apple.com
A server configuration issue was addressed. We would like to acknowledge Ye Yint Min Thu Htut (YGN Ethical Hacker group yehg.net) for reporting this issue.
2016-07-25 apple.com
A server configuration issue was addressed. We would like to acknowledge Ahmed Elsobky (@0xSobky) for reporting this issue.
2016-07-22 lookup-api.apple.com
A cross site scripting issue was addressed. We would like to acknowledge Orange Tsai of DEVCORE for reporting this issue.
2016-07-22 developer.filemaker.com
A cross site scripting issue was addressed. We would like to acknowledge Dharamvir Bisht (linkedin.com/in/dharamvirbisht) for reporting this issue.
2016-07-13 yuri.apple.com
A server configuration issue was addressed. We would like to acknowledge Adrián Condes for reporting this issue.
2016-07-13 appstore.com
A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.
2016-07-11 retailjss.apple.com
A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.
2016-07-11 itunesu.itunes.apple.com
A cross site scripting issue was addressed. We would like to acknowledge Hasan Emre Özer for reporting this issue.
2016-07-05 canadaapp.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-06-23 challengebasedlearning.org
A SQL injection issue was addressed. We would like to acknowledge Shawar Khan (facebook.com/shawarkhanskofficial) (shawarkhan.com) for reporting this issue.
2016-06-20 beatsbydre.com
A cross-site request forgery issue was addressed. We would like to acknowledge Aaditya Purani of IET-SEAS (@aaditya_purani) for reporting this issue.
2016-06-17 itunes.apple.com
A cross site scripting issue was addressed. We would like to acknowledge Cameron Dawe of Spam404 (@Spam404Online) and Abhishek Shroti (@Fake_Politics) for reporting this issue.
2016-06-03 foundationdb.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-06-03 beatsbydre.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-05-11 linkmaker.itunes.apple.com
A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.
2016-05-11 support.apple.com
A server configuration issue was addressed. We would like to acknowledge Ye Yint Min Thu Htut (YGN Ethical Hacker group yehg.net) for reporting this issue.
2016-05-11 icloud.com
A server configuration issue was addressed. We would like to acknowledge Gary O'Leary-Steele (sec-1.com) and Graham Bacon (appcheck-ng.com) for reporting this issue.
2016-05-11 icloud.com
A server configuration issue was addressed. We would like to acknowledge Gary O'Leary-Steele of sec-1.com and Graham Bacon of appcheck-ng.com for reporting this issue.
2016-05-06 ecommerce.apple.com
A server configuration issue was addressed. We would like to acknowledge Sébastien Kaul for reporting this issue.
2016-05-05 itunes.apple.com
A server configuration issue was addressed. We would like to acknowledge Akshay Jain (facebook.com/akshayjain011) for reporting this issue.
2016-05-05 itunes.apple.com
A server configuration issue was addressed. We would like to acknowledge Akshay Jain (facebook.com/akshayjain011) for reporting this issue.
2016-04-27 apple.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-04-22 apple.com
A server configuration issue was addressed. We would like to acknowledge SaifAllah benMassaoud of Evolution Security GmbH - Government Laboratory (facebook.com/WhiteHatSecuri) for reporting this issue.
2016-04-20 trailers.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Edwin Foudil (edwinfoudil.com) for reporting this issue.
2016-04-20 jobs.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Cosmin Maier of Zeroday.pro Labs for reporting this issue.
2016-04-13 trailers.apple.com
A cross site scripting issue was addressed. We would like to acknowledge Edwin Foudil (edwinfoudil.com) for reporting this issue.
2016-04-11 myaccess.apple.com
A server configuration issue was addressed. We would like to acknowledge Latish Danawale (facebook.com/latish.danawale.14) and Suraj Mulik (facebook.com/suraj.mulik) for reporting this issue.
2016-04-14 apple.com
A server configuration issue was addressed. We would like to acknowledge Ing. Darnhofer Armin of Optix-IO AG for reporting this issue.
2016-03-16 appleid.apple.com
A cross site scripting issue was addressed. We would like to acknowledge Mustafa Hasan (@strukt93) for reporting this issue.
2016-03-03 training.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Sandeep Singh Rehal of NTT Europe for reporting this issue.
2016-03-02 wwdcservo.apple.com
A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.
2016-02-08 consultants.apple.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2016-02-10 icloud.com
A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.
2016-02-10 icloud.com
A cross-site scripting issue was addressed. We would like to acknowledge Kieran Claessens (@KieranClaessens) for reporting this issue.
2016-02-08 consultants.apple.com
A server configuration issue was addressed. We would like to acknowledge Kapil Soni (Haxinos) of Xowia Technologies, India for reporting this issue.
2016-02-08 volume.itunes.apple.com
A server configuration issue was addressed. We would like to acknowledge Guilherme Scombatti (linkedin.com/in/guilhermescombatti) for reporting this issue.
2016-02-08 consultants.apple.com
A server configuration issue was addressed. We would like to acknowledge Charfeddine Hamdi (@tws_charfeddine) of Tunisian WhiteHat Security for reporting this issue.
2016-02-04 filemaker.com
A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.
2016-02-04 rtc.euro.apple.com
A clickjacking issue was addressed. We would like to acknowledge Guilherme Scombatti (linkedin.com/in/guilhermescombatti) for reporting this issue.
2016-02-02 support.beatsmusic.com and support.burstly.com
A server configuration issue was addressed. We would like to acknowledge Harry M. Gertos for reporting this issue.
2016-02-01 presslogin.beatsbydre.com
A server configuration issue was addressed. We would like to acknowledge Harsh Jaiswal (@rootxflood) & Rudra for reporting this issue.
2016-01-27 rtc.euro.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Mousab Elhag Hassan (facebook.com/mousab.elhag) of mousab.com and an anonymous researcher for reporting this issue.
2016-01-26 apple.com
A cross-site scripting issue was addressed. We would like to acknowledge U.Kiranvas Reddy (fb.com/Kiranreddyrebel) for reporting this issue.
2016-01-15 support.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Jaanus Kääp of Clarified Security and Geoffrey Van Den Berge (@geoffreyvdberge) for reporting this issue.
2016-01-15 wikid.filemaker.com
A cross-site scripting issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.
2016-01-11 itunesconnect.apple.com
A server configuration issue was addressed. We would like to acknowledge Rameen Mashhoon (hackerone.com/rmashhoon) for reporting this issue.
2016-01-04 ets-web.filemaker.apple.com
A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.