Credits
2014-12-22 ecommerce.apple.com
A server configuration issue was addressed. We would like to acknowledge Joshua Coleman(facebook.com/josh.coleman.50) for reporting this issue.
2014-12-22 itunespulse.com
A cross-site scripting issue was addressed. We would like to acknowledge Rodolfo Godalle, Jr. (facebook.com/junior.ns1de), Daksh Patel(@dakshxss), and Ch. Muhammad Osama (@ChMuhammadOsama) for reporting this issue.
2014-12-22 unionbaynetworks.com
A directory-indexing issue was addressed. We would like to acknowledge Koutrouss Naddara (facebook.com/profile.php?id=100008222891851) for reporting this issue.
2014-12-22 mynews.apple.com
A clickjacking issue was addressed. We would like to acknowledge Murugesh for reporting this issue.
2014-12-22 itunespulse.com
A cross site scripting was addressed. We would like acknowledge Rodolfo Godalle, Jr.(facebook.com/junior.ns1de) for reporting this issue.
2014-12-22 icloud.com
A cross-site scripting issue was addressed. We would like to acknowledge Prashanth Varma of prashanthvarma.in for reporting this issue.
2014-12-18 volume.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Derek Ruffner of ruffner.io for reporting this issue.
2014-12-17 itunesu.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Daniel Cohen of Speed-Net.com for reporting this issue.
2014-12-15 controls.skyrocketapp.com
A clickjacking issue was addressed. We would like to acknowledge Koutrouss Naddara (facebook.com/profile.php?id=100008222891851) for reporting this issue.
2014-12-10 marketresearch.apple.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2014-11-21 evaluatemacs.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Dhruva Sharma (facebook.com/adminhacked) for reporting this issue.
2014-11-19 evaluatemacs.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Dhruva Sharma (facebook.com/adminhacked) for reporting this issue.
2014-11-10 deploy.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Behrouz Sadeghipour (@NahamSec) for reporting this issue.
2014-10-13 pro.topsy.com
A clickjacking issue was addressed. We would like to acknowledge Aniket Pratap Singh for reporting this issue.
2014-10-07 radarsubmissions.apple.com
A certificate issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2014-10-07 consultants-locator.apple.com
A clickjacking issue was addressed. We would like to acknowledge Sachin Thakuri (@sachinnthakuri), Urja Singh Thapa, and Hari Krishnan (facebook.com/c.hari1997) for reporting this issue.
2014-09-30 pro.topsy.com
An SSL configuration issue was addressed. We would like to acknowledge Ayoub Nait Lamine for reporting this issue.
2014-09-30 vpp.itunes.apple.com
A clickjacking issue was addressed. We would like to acknowledge Chandroliya Ravi Ghanashyam bhai (@ChandroliyaRavi) for reporting this issue.
2014-09-18 itunesu.itunes.apple.com
A clickjacking issue was addressed. We would like to acknowledge S.Venkatesh (@PranavVenkatS) and Osman Erçeli̇k of Akanzii LLC for reporting this issue.
2014-09-16 hopstop.com
A cross-site scripting issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon143) of SCET for reporting this issue.
2014-09-08 edeuroweb.apple.com
A clickjacking issue was addressed. We would like to acknowledge Osama Ansari (facebook.com/ansariosama) for reporting this issue.
2014-09-05 appleid.apple.com
An insufficient validation issue was addressed. We would like to acknowledge Cameron Banga of 9magnets, LLC for reporting this issue.
2014-09-05 topsy.com
A cross-site scripting issue was addressed. We would like to acknowledge Mohamed Abdelbaset Elnoby of W3Pwn Security Consultation for reporting this issue.
2014-09-02 hopstop.com
A cross-site scripting issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon143) of SCET for reporting this issue.
2014-08-20 burstly.com
An out-of-date software issue was addressed. We would like to acknowledge Koutrouss Naddara (facebook.com/profile.php?id=100008222891851) for reporting this issue.
2014-08-19 hrweb.apple.com
An SSL configuration issue was addressed. We would like to acknowledge Satheesh Raj (@rsatheesh523) for reporting this issue.
2014-08-19 support.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén of Detectify for reporting this issue.
2014-08-18 mynews.apple.com
A caching issue was addressed. We would like to acknowledge Bill Cave for reporting this issue.
2014-08-18 beatsbydre.com
A cross-site scripting issue was addressed. We would like to acknowledge Muhammad Abdullah (facebook.com/root.abdullah) for reporting this issue.
2014-08-13 ara.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Drew Callahan (linkedin.com/pub/drew-callahan/67/62/783) for reporting this issue.
2014-08-07 edeuroweb.apple.com
A certificate issue was addressed. We would like to acknowledge Ch. Muhammad Osama (@ChMuhammadOsama) of Chmosama.com (chmosama.com) and Hardik Tailor (@iamhardiktailor) for reporting this issue.
2014-08-06 jobs.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Scott Glossop of randomstorm.com for reporting this issue.
2014-08-04 icloud.com/mail
A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2014-07-30 hopstop.com
An out-of-date software issue was addressed. We would like to acknowledge Sangeetha Rajesh S for reporting this issue.
2014-07-15 images.apple.com
An open redirect issue was addressed. We would like to acknowledge Sabari Selvan (@EHackerNews) of Cyber Security & Privacy Foundation, Max Prietzel and an anonymous researcher for reporting this issue.
2014-07-09 hopstop.com
A cross-site scripting issue was addressed. We would like to acknowledge Jitendra Jaiswal (@jeetjaiswal22) from S.S Jain Subodh P.G College Jaipur India for reporting this issue.
2014-07-03 myaccess.apple.com
A server configuration issue was addressed. We would like to acknowledge Ryan Manly of Glenbrook High School District 225 for reporting this issue.
2014-07-02 acn-members.apple.com
A server configuration issue was addressed. We would like to acknowledge Kamil Sevi (@kamilsevi) for reporting this issue.
2014-07-01 appleseed3.apple.com
A clickjacking issue was addressed. We would like to acknowledge S.Venkatesh (@PranavVenkatS) for reporting this issue.
2014-06-20 extensions.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Brij Kishore Mishra (@__bkm_) for reporting this issue.
2014-06-19 store.apple.com
An information disclosure issue was addressed. We would like to acknowledge Kenney Lu (@eolwral) of Yahoo! for reporting this issue.
2014-06-16 privftp.apple.com
An exposed credential issue was addressed. We would like to acknowledge Guilherme Rambo for reporting this issue.
2014-06-13 developer.apple.com
A mixed-content issue was addressed. We would like to acknowledge Russell Sullivan for reporting this issue.
2014-06-11 myaccess.apple.com
An SSL configuration issue was addressed. We would like to acknowledge Russell Jancewicz of University of Connecticut for reporting this issue.
2014-05-05 consultants.apple.com
An Apache configuration issue was addressed. We would like to acknowledge Tariq Ziyad Al-Diab (facebook.com/TariqZiyad97) and Simone Memoli of Liceo Scientifico Valdemaro Vecchior for reporting this issue.
2014-04-28 bugreport.apple.com
An information disclosure issue was addressed. We would like to acknowledge Jesse Mikael Järvi for reporting this issue.
2014-04-23 searchcgi.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Artur Czyz (ArturCzyz.pl) for reporting this issue.
2014-04-17 store.apple.com
A server configuration issue was addressed. We would like to acknowledge Nakul Mohan of @Anonymous_India for reporting this issue.
2014-04-08 sift.apple.com
An SSL configuration issue was addressed. We would like to acknowledge Simone Memoli of Liceo Scientifico Valdemaro Vecchi for reporting this issue.
2014-04-04 discussionschinese.apple.com
A server configuration issue was addressed. We would like to acknowledge Riaz Ebrahim (linkedin.com/pub/riaz-ebrahim-cissp-ceh/3b/347/383) for reporting this issue.
2014-04-02 support.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Krishna Chaitanya Kadaba (@1kadaba) for reporting this issue.
2014-03-26 ep.sap.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Guillaume Buttet from Switzerland (facebook.com/guillaume.buttet) for reporting this issue.
2014-03-25 icloud.com
A cross-site scripting issue was addressed. We would like to acknowledge Allan Jay Tomol of OrangeApps for reporting this issue.
2014-03-21 info.apple.com/export/
A cross-site scripting issue was addressed. We would like to acknowledge Ketan Sirigiri of Cigniti Technologies Ltd. for reporting this issue.
2014-03-21 edeuroweb.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Ibrahim Raafat (@RaafatSEC) of Q-CERT, Florindarck (@QuisterTow) of Romanian Security Team (rstforums.com), Wong Chieh Yie (@wcypierrenet), and Danalachi Sergiu for reporting this issue.
2014-03-20 acn-members.apple.com
A clickjacking issue was addressed. We would like to acknowledge Chandroliya Ravi Ghanashyam bhai (@ChandroliyaRavi) for reporting this issue.
2014-03-19 canadaapp.apple.com
A server configuration issue was addressed. We would like to acknowledge Simone Memoli (Simon90_Italy) of Italian Security Team and Muhammad Shahzad for reporting this issue.
2014-03-18 qtdevseed.apple.com
An Apache configuration issue was addressed. We would like to acknowledge Simone Memoli of Liceo Scientifico Valdemaro Vecchi for reporting this issue.
2014-03-14 apple.com
A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2014-03-14 apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Olivier Beg of lanaru.com for reporting this issue.
2014-03-11 apple.com
A Flash cross-domain policy issue was addressed. We would like to acknowledge Osama Mahmood (@OsamaMahmood007) of Team Cyber Switch for reporting this issue.
2014-03-03 depot.info.apple.com
A server configuration issue was addressed. We would like to acknowledge Indrajith AN (facebook.com/indrajith.cyberXdestroyer) for reporting this issue.
2014-03-03 depot.info.apple.com
A reflected cross-site scripting issue was addressed. We would like to acknowledge Sky_BlaCk of Team G410 for reporting this issue.
2014-02-28 topsy.com
A cross-site scripting issue was addressed. We would like to acknowledge Christian Galeone (thefacebook.com/christian.galeone.1) of ITCL Marco Polo - Bari for reporting this issue.
2014-02-26 edu-vpp.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Jean Pascal Pereira of secbiz.org for reporting this issue.
2014-02-16 bugreport.apple.com
A clickjacking issue was addressed. We would like to acknowledge Sahil Dhar (facebook.com/dhar66) and Paras Pilani (@cool_paras) for reporting this issue.
2014-02-15 bugreport.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge N B Sri Harsha (nbsriharsha.blogspot.in) and Pedro Caixeta de Castro (linkedin.com/in/pedrocaixetac) reporting this issue.
2014-02-14 discussionskorea.apple.com/people
A cross-site scripting issue was addressed. We would like to acknowledge Ali Hassan Ghori of AHPT, Babar Khan Akhunzada of AHPT, Ehraz Ahmed (@tweetehrazahmed), Umraz Ahmed (@umrazahmed), and Charaf Anons (@CharafAnons) for reporting this issue.
2014-02-13 consultants.apple.com
An insecure cookie issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon14) of SCET for reporting this issue.
2014-02-12 consultants.apple.com
A clickjacking issue was addressed. We would like to acknowledge Jigar Thakkar (@jigarthakkar39) of infobittechnologies.com and Nitin Goplani of Aujas Networks for reporting this issue.
2014-02-12 identity.apple.com
An XML external entity issue was addressed. We would like to acknowledge Nassim Abbaoui (@MetalnaS) for reporting this issue.
2014-02-11 hopstop.com
A cross-site scripting issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon14) of SCET for reporting this issue.
2014-02-10 hopstop.com
A cross-site scripting issue was addressed. We would like to acknowledge Indrajith AN and KD Divakar for reporting this issue.
2014-02-08 aoschat.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC (xss.cx) for reporting this issue.
2014-02-08 aoschat.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Vaibhuv Sharma (facebook.com/vaibhuv.sharma) of Pc-S3curity (pc-s3curity.com/), Vansh Sharma (facebook.com/vanshsharma95) of Pc-S3curity (pc-s3curity.com/), Evan Ricafort of evanricafort.com, and kminthant (@psxchotic) for reporting this issue.
2014-02-03 info.apple.com
An HTTP header injection issue was addressed. We would like to acknowledge Ishan Anand (Zero-Access, facebook.com/zero.access999) for reporting this issue.
2014-02-03 trailers.apple.com
An SQL injection issue was addressed. We would like to acknowledge Andrei Neculaesei (algorithm.dk) for reporting this issue.
2014-02-03 topsy.com
An Apache configuration issue was addressed. We would like to acknowledge Waqeeh Ul Hasan of SOftProweb (softproweb.blogspot.com/) for reporting this issue.
2014-01-29 hopstop.com
A cross-site scripting issue was addressed. We would like to acknowledge Memon Faisal (facebook.com/faiz.memon14) of SCET for reporting this issue.
2014-01-27 discussionskorea.apple.com
An out-of-date software issue was addressed. We would like to acknowledge Muhammad Shahmeer of Maads Security and UIT for reporting this issue.
2014-01-27 volume.itunes.apple.com
A clickjacking issue was addressed. We would like to acknowledge Chandroliya Ravi Ghanashyam bhai (@ChandroliyaRavi) for reporting this issue.
2014-01-27 discussions.apple.com
A stored cross-site scripting issue was addressed. We would like to acknowledge Enguerran Gillier of OpnSec.com for reporting this issue.
2014-01-23 topsy.com
A cross-site scripting issue was addressed. We would like to acknowledge Jacob Soo (@Gunther_AR) of ARTeam for reporting this issue.
2014-01-15 discussions.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Juan Broullón Sampedro of Grampus Team, J Muhammed Gazzaly - @gazly (gazzaly.info), David Eusebius Georgian (facebook.com/eusebiu.david.16), and Charaf Anons (@CharafAnons) for reporting this issue.
2014-01-14 airprint.apple.com
An Apache configuration issue was addressed. We would like to acknowledge Simone Memoli (Simon90_Italy) of Toxic Security Team for reporting this issue.
2014-01-13 plus.topsy.com
Reflected cross-site scripting issues were addressed. We would like to acknowledge Koutrouss Naddara (facebook.com/superbade) for reporting these issues.
2014-01-09 lists.apple.com
An SSL configuration issue was addressed. We would like to acknowledge Thomas Bartelmess of Marketcircle and Aaron Golding Brager (@getaaron) for reporting these issues.
2014-01-07 training.apple.com/schedule/aperture101
A cross-site scripting issue was addressed. We would like to acknowledge Shubham Upadhyay (@CyberShubhaM) of Advanced TechDefence, Simon Claudiu of Liceul Teoretic Bogdan Voda, and Sandeep Singh Rehal for reporting this issue.
2014-01-06 consultants.apple.com
A blind SQL injection issue was addressed. We would like to acknowledge Burak Bakir (@pr3d1c7) of burakb.net for reporting this issue.
Web Server notifications by year
For information about Apple Web Server notifications from previous years, see these documents: