Apple Web Server notifications, 2016

This article provides credit to people who have reported potential security issues in Apple's web servers.

Credits

2016-12-20 myaccess.apple.com

A server configuration issue was addressed. We would like to acknowledge Yogesh Anil Tantak (facebook.com/ytantak1) for reporting this issue.

2016-12-20 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Nikhil Kumar (linkedin.com/in/nikhil-kumar-20ba0a24/) of Neogrowth Credit Pvt. Ltd. for reporting this issue.

2016-12-18 challengebasedlearning.org

A cross-site request forgery issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-12-18 challengebasedlearning.org

A cross-site request forgery issue was addressed. We would like to acknowledge Er Pratik Panchal of Infobit Technologies for reporting this issue.

2016-12-18 challengebasedlearning.org

A cross-site scripting issue was addressed. We would like to acknowledge Jon Bottarini (@jon_bottarini), Rui Silva (facebook.com/ruisilvaoficial), Kevin VALERIO (@conslight), Ahmed Abdalla Fathi (facebook.com/mr.alexseve), Max Prietzel, Emil Frits Bengtsson of KHS, and Nadi Abdellah (facebook.com/bloody.fang12) for reporting this issue.

2016-12-13 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Mohammed El Bess (facebook.com/halbess) and Mohammad Abuhassan (facebook.com/anonfantom) for reporting this issue.

2016-12-12 appleid.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Ramin Farajpour Cami for reporting this issue.

2016-12-08 myaccess.apple.com

A server configuration issue was addressed. We would like to acknowledge Richard Moulinneuf from SafeRail (saferail.fr/en) for reporting this issue.

2016-12-08 myaccess.apple.com

A server configuration issue was addressed. We would like to acknowledge Jon Bottarini (@jon_bottarini) of HackerOne for reporting this issue.

2016-12-08 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Greg Harris for reporting this issue.

2016-12-07 store.apple.com

A server configuration issue was addressed. We would like to acknowledge Patrick Schlangen for reporting this issue.

2016-11-29 iadworkbench.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mustafa Hasan (strukt) for reporting this issue.

2016-11-28 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-11-28 apple.com

A clickjacking issue was addressed. We would like to acknowledge Kameshwar Thakur (securityspecialist.in) and Ramin Farajpour Cami (bugjoo.ir) for reporting this issue.

2016-11-18 icloud.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2016-11-15 beatsbydre.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohamed A. Baset of Seekurity.com SAS de C.V. Mexico and an anonymous researcher for reporting this issue.

2016-11-08 apple.com

A server configuration issue was addressed. We would like to acknowledge Manish Bhattacharya of manishbhattacharya.com for reporting this issue.

2016-11-04 opensource.apple.com

A server configuration issue was addressed. We would like to acknowledge Dane Wachs of Ubiquitous Computing LLC and an anonymous researcher for reporting this issue.

2016-11-02 ssl.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-11-02 itunesconnect.apple.com

A server configuration issue was addressed. We would like to acknowledge Juha Suontausta of Telia Company for reporting this issue.

2016-11-02 store.apple.com

A server configuration issue was addressed. We would like to acknowledge Raad Firas Haddad (@raadfhaddad) for reporting this issue.

2016-11-01 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tatsuki Maekawa of Gehirn Inc. for reporting this issue.

2016-10-31 solutions.filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Nicholas R (linkedin.com/in/Nixholas) for reporting this issue.

2016-10-25 searchads.apple.com

A server configuration issue was addressed. We would like to acknowledge Gökay Gündoğan (gokaygundogan.com.tr) for reporting this issue.

2016-10-19 applepaysupplies.com

A cross-site request forgery issue was addressed. We would like to acknowledge Djoukhrab Djaber (facebook.com/djrootdz) of Kasdi Merbah Ouargla University for reporting this issue.

2016-10-13 attache.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tadj Youssouf (facebook.com/oc3f.dz)

2016-10-10 iforgot.apple.com

A server configuration issue was addressed. We would like to acknowledge Mourad Benzine for reporting this issue.

2016-10-05 developer.apple.com

A server configuration issue was addressed. We would like to acknowledge Wai Yan Aung (@waiyanaun9) for reporting this issue.

2016-10-05 procurementportal.apple.com

A server configuration issue was addressed. We would like to acknowledge Eusebiu Blindu (@testalways) for reporting this issue.

2016-10-03 qtdevseed.apple.com

A server configuration issue was addressed. We would like to acknowledge Marco Cazzaniga for reporting this issue.

2016-10-03 qtdevseed.apple.com

A server configuration issue was addressed. We would like to acknowledge @kraken_kall for reporting this issue.

2016-10-03 qtdevseed.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-09-27 getsupport.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nicolas Francois of MeoW Sec for reporting this issue.

2016-09-23 swdlp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Rakan Alotaibi (@hxteam) for reporting this issue.

2016-09-22 checkcoverage.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Zee Shan (@z33_5h4n) of hacker1.xyz, Louis Lang (louislang.com), Ivan Danilov (linkedin.com/in/coderast) of IPSERVER LLC, Gerardo Venegas, Edwin Foudil (edwinfoudil.com), Mustafa Hasan of Netsparker, Faizan Ahmad of Fsecurify (fsecurify.com), Orange Tsai from DEVCORE, James262144XD, and Joel Noguera (@niemand_sec) for reporting this issue.

2016-09-14 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Florian Kunushevci (facebook.com/misteriozi.pirat.kwg) for reporting this issue.

2016-09-13 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-09-13 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jake Eaton (linkedin.com/in/jake-eaton), Sahil Tikoo of Thakur College, Rahul Dattatraya Kankrale (@RahulKankrale) of servicenger.com, Matthew Telfer (MLT) of Project Insecurity (@ret2libc), and Cameron Dawe of Spam404 (@Spam404Online) for reporting this issue.

2016-09-12 carrierlink.apple.com

A server configuration issue was addressed. We would like to acknowledge HexTitan for reporting this issue.

2016-09-12 identity.appple.com

A server configuration issue was addressed. We would like to acknowledge Michael Stepankin of Positive Technologies (@Artsploit) for reporting this issue.

2016-09-02 presslogin.beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Kenny Hietbrink (hietbr.ink) of Syntra West for reporting this issue.

2016-08-31 privftp.apple.com

A clickjacking issue was addressed. We would like to acknowledge Mohamed A. Baset of Seekurity.com SAS de C.V. Mexico for reporting this issue.

2016-08-31 apple.com

A server configuration issue was addressed. We would like to acknowledge Faast Team of ElevenPaths.com for reporting this issue.

2016-08-29 filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Ayoub Nait Lamine for reporting this issue.

2016-08-25 auth.me.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-08-16 icloud.com

A server configuration issue was addressed. We would like to acknowledge Lucas Toriello (linkedin.com/in/lucastoriello) of ESIEA (C+V)° Laboratory for reporting this issue.

2016-08-16 icloud.com

A server configuration issue was addressed. We would like to acknowledge Alexander Traud (traud.de) for reporting this issue.

2016-08-10 apple.com

A server configuration issue was addressed. We would like to acknowledge Brooke Schreier Ganz (@Asparagirl) for reporting this issue.

2016-08-09 consultants-locator.apple.com

A server configuration issue was addressed. We would like to acknowledge Abdullah Hussam (ahussam.me) for reporting this issue.

2016-08-08 itunesconnect.apple.com

A server configuration issue was addressed. We would like to acknowledge Simon Maddox and an anonymous researcher for reporting this issue.

2016-07-27 apple.com

A server configuration issue was addressed. We would like to acknowledge Ye Yint Min Thu Htut (YGN Ethical Hacker group yehg.net) and Satyam Rastogi (facebook.com/hackersatyamrastogi) for reporting this issue.

2016-07-26 download.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Ye Yint Min Thu Htut (YGN Ethical Hacker group yehg.net) for reporting this issue.

2016-07-25 apple.com

A server configuration issue was addressed. We would like to acknowledge Ahmed Elsobky (@0xSobky) for reporting this issue.

2016-07-22 lookup-api.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Orange Tsai of DEVCORE for reporting this issue.

2016-07-22 developer.filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Dharamvir Bisht (linkedin.com/in/dharamvirbisht) for reporting this issue.

2016-07-13 yuri.apple.com

A server configuration issue was addressed. We would like to acknowledge Adrián Condes for reporting this issue.

2016-07-13 appstore.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2016-07-11 retailjss.apple.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2016-07-11 itunesu.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Hasan Emre Özer for reporting this issue.

2016-07-05 canadaapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-06-23 challengebasedlearning.org

A SQL injection issue was addressed. We would like to acknowledge Shawar Khan (facebook.com/shawarkhanskofficial) (shawarkhan.com) for reporting this issue.

2016-06-20 beatsbydre.com

A cross-site request forgery issue was addressed. We would like to acknowledge Aaditya Purani of IET-SEAS (@aaditya_purani) for reporting this issue.

2016-06-17 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Cameron Dawe of Spam404 (@Spam404Online) and Abhishek Shroti (@Fake_Politics) for reporting this issue.

2016-06-03 foundationdb.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-06-03 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-05-11 linkmaker.itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2016-05-11 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Ye Yint Min Thu Htut (YGN Ethical Hacker group yehg.net) for reporting this issue.

2016-05-11 icloud.com

A server configuration issue was addressed. We would like to acknowledge Gary O'Leary-Steele (sec-1.com) and Graham Bacon (appcheck-ng.com) for reporting this issue.

2016-05-11 icloud.com

A server configuration issue was addressed. We would like to acknowledge Gary O'Leary-Steele of sec-1.com and Graham Bacon of appcheck-ng.com for reporting this issue.

2016-05-06 ecommerce.apple.com

A server configuration issue was addressed. We would like to acknowledge Sébastien Kaul for reporting this issue.

2016-05-05 itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Akshay Jain (facebook.com/akshayjain011) for reporting this issue.

2016-05-05 itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Akshay Jain (facebook.com/akshayjain011) for reporting this issue.

2016-04-27 apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-04-22 apple.com

A server configuration issue was addressed. We would like to acknowledge SaifAllah benMassaoud of Evolution Security GmbH - Government Laboratory (facebook.com/WhiteHatSecuri) for reporting this issue.

2016-04-20 trailers.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Edwin Foudil (edwinfoudil.com) for reporting this issue.

2016-04-20 jobs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Cosmin Maier of Zeroday.pro Labs for reporting this issue.

2016-04-13 trailers.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Edwin Foudil (edwinfoudil.com) for reporting this issue.

2016-04-11 myaccess.apple.com

A server configuration issue was addressed. We would like to acknowledge Latish Danawale (facebook.com/latish.danawale.14) and Suraj Mulik (facebook.com/suraj.mulik) for reporting this issue.

2016-04-14 apple.com

A server configuration issue was addressed. We would like to acknowledge Ing. Darnhofer Armin of Optix-IO AG for reporting this issue.

2016-03-16 appleid.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mustafa Hasan (@strukt93) for reporting this issue.

2016-03-03 training.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sandeep Singh Rehal of NTT Europe for reporting this issue.

2016-03-02 wwdcservo.apple.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2016-02-08 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-02-10 icloud.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2016-02-10 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Kieran Claessens (@KieranClaessens) for reporting this issue.

2016-02-08 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Kapil Soni (Haxinos) of Xowia Technologies, India for reporting this issue.

2016-02-08 volume.itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Guilherme Scombatti (linkedin.com/in/guilhermescombatti) for reporting this issue.

2016-02-08 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Charfeddine Hamdi (@tws_charfeddine) of Tunisian WhiteHat Security for reporting this issue.

2016-02-04 filemaker.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2016-02-04 rtc.euro.apple.com

A clickjacking issue was addressed. We would like to acknowledge Guilherme Scombatti (linkedin.com/in/guilhermescombatti) for reporting this issue.

2016-02-02 support.beatsmusic.com and support.burstly.com

A server configuration issue was addressed. We would like to acknowledge Harry M. Gertos for reporting this issue.

2016-02-01 presslogin.beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Harsh Jaiswal (@rootxflood) & Rudra for reporting this issue.

2016-01-27 rtc.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mousab Elhag Hassan (facebook.com/mousab.elhag) of mousab.com and an anonymous researcher for reporting this issue.

2016-01-26 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge U.Kiranvas Reddy (fb.com/Kiranreddyrebel) for reporting this issue.

2016-01-15 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jaanus Kääp of Clarified Security and Geoffrey Van Den Berge (@geoffreyvdberge) for reporting this issue.

2016-01-15 wikid.filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2016-01-11 itunesconnect.apple.com

A server configuration issue was addressed. We would like to acknowledge Rameen Mashhoon (hackerone.com/rmashhoon) for reporting this issue.

2016-01-04 ets-web.filemaker.apple.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
