Apple web server notifications

This article provides credit to people who have reported potential security issues in Apple's web servers.

Credits

2018-06-18 live-promotions.apple.com

A server configuration issue was addressed. We would like to acknowledge Jonathan Bouman (https://protozoan.nl) for reporting this issue.

2018-06-16 itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Anil Tom for reporting this issue.

2018-06-13 applemusicfestival.com

A server configuration issue was addressed. We would like to acknowledge Shubham Maheshwari (linkedin.com/in/shubhack319) for reporting this issue.

2018-06-12 ara.apple.com

A server configuration issue was addressed. We would like to acknowledge Anas Mahmood (@CyberTiger) for reporting this issue.

2018-05-29 apple.com

A server configuration issue was addressed. We would like to acknowledge Sam Eizad (linkedin.com/in/sameizad) of Certezza for reporting this issue.

2018-05-02 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tsubasa Iinuma of Gehirn Inc. for reporting this issue.

2018-04-30 feedback.apple.com

A server configuration issue was addressed. We would like to acknowledge Havoc Guhan (குகன் ராஜா) of தமிழ் பசங்க ஹேக்கர்ஸ் for reporting this issue.

2018-04-25 ecommerce.apple.com

A server configuration issue was addressed. We would like to acknowledge Umesh P Jore (linkedin.com/in/umesh-jore-55015194) for reporting this issue.

2018-04-26 asw-cdn.apple.com

A server configuration issue was addressed. We would like to acknowledge Kotaro Hikita (@KotaroHikita) for reporting this issue.

2018-04-24 mp4ra.apple.com

A server configuration issue was addressed. We would like to acknowledge Abhishek Sidharth (facebook.com/ab2op4u) for reporting this issue.

2018-04-23 apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge an anonymous researcher, EA Akalanka Ekanayake of WinterShift Inc, and Ravikumar Ulchala for reporting this issue.

2018-04-10 gsx.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2018-04-09 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Monika Talekar (linkedin.com/in/monika-talekar-oscp-8012b891) for reporting this issue.

2018-03-31 store.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Faiz Ahmed Zaidi Url (linkedin.com/in/faizzaidi) of Provensec LLC Url (provensec.com) for reporting this issue.

2018-03-29 credo.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2018-03-20 gsxut.apple.com

A server configuration issue was addressed. We would like to acknowledge Rumak Ivan (vk.com/internet_bully) for reporting this issue.

2018-03-20 ogcportal-ext.apple.com

A server configuration issue was addressed. We would like to acknowledge @Timedout of Moresec Security Team (moresec.cn) for reporting this issue.

2018-03-19 gsx2ut-new.apple.com

A server configuration issue was addressed. We would like to acknowledge Rumak Ivan (vk.com/internet_bully) for reporting this issue.

2018-03-15 esign.apple.com 

A server configuration issue was addressed. We would like to acknowledge Tansel ÇETİN (tanselcetin.com) for reporting this issue.

2018-03-08 beta.apple.com

A server configuration issue was addressed. We would like to acknowledge Vyshnav N K (vyshnavvizz.dx.am) of Kerala for reporting this issue.

2018-02-26 apple.com

A server configuration issue was addressed. We would like to acknowledge KirtiKumar Anandrao Ramchandani (linkedin.com/in/kirtikumar-anandrao-ramchandani-ba949b153/) for reporting this issue.

2018-02-09 esign.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nick Kelley for reporting this issue.

2018-02-05 corp.apple.com

A server configuration issue was addressed. We would like to acknowledge Alexey Dorogin (@travgen) for reporting this issue.

2018-02-01 pttest.apple.com

A server configuration issue was addressed. We would like to acknowledge Deepak Holani of Jaipur Engineering College and Research Centre (facebook.com/deepak.holani.5) for reporting this issue.

2018-01-19 embed.apple.media 

A cross-site scripting issue was addressed. We would like to acknowledge Lewis Ardern (@LewisArdern) for reporting this issue.

2018-01-12 ade.apple.com

A server configuration issue was addressed. We would like to acknowledge Ali Wamim Khan (@WamimKhan) for reporting this issue.

2018-01-04 apple.com

A server configuration issue was addressed. We would like to acknowledge Michael F (@TsundereDwarf), Morgan S (@14160) and Miku T for reporting this issue.

2017-12-17 lists.apple.com

A server configuration issue was addressed. We would like to acknowledge Ahmed atef abdou (linkedin.com/in/ahmed-pentest/) of AAA for reporting this issue.

2017-12–15 mfi.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-12-13 cbl.apple.com

A server configuration issue was addressed. We would like to acknowledge Juba Baghdad (@JubaBaghdad) for reporting this issue.

2017-12-13 cbl.apple.com

A server configuration issue was addressed. We would like to acknowledge CongRong (@Tr3jer) and Kravchenko Stas (@zuh4n) for reporting this issue.

2017-12-12 k.apple.com

A server configuration issue was addressed. We would like to acknowledge Anas Mahmood (@CyberTiger) for reporting this issue.

2017-12-12 discussions.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Rony Gigi for reporting this issue.

2017-12-08 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tansel ÇETİN (linkedin.com/in/tanselcetin) for reporting this issue.

2017-12-06 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Steven Hampton (@Keritzy) for reporting this issue.

2017-12-05 icloud.com

A server configuration issue was addressed. We would like to acknowledge Yongjin Kim (adm1nkyj) of adm1nkyj.kr researcher for reporting this issue.

2017-11-10 icloud.com

A server configuration issue was addressed. We would like to acknowledge Stephen Binns and Garry Shutler of Cronofy (cronofy.com) for reporting this issue.

2017-11-09 av.apple.com

A server configuration issue was addressed. We would like to acknowledge Charles Truluck of Porter-Gaud School for reporting this issue.

2017-10-24 facebook.itunes.com

A server configuration issue was addressed. We would like to acknowledge Wai Yan Aung (@waiyanaun9) and Hsu Myat Noe (@hsumyatno3) for reporting this issue.

2017-10-04 iforgot.apple.com

A server configuration issue was addressed. We would like to acknowledge Yeasir Arafat (facebook.com/skylinearafat.arafat) of Bangladeshi, Cyber Security Researcher, and an anonymous researcher for reporting this issue.

2017-09-27 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Sarankumar VB (linkedin.com/in/saranvb/) for reporting this issue.

2017-09-20 your.beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Pal Patel of LDRP-ITR and Pal Patel of SJS for reporting this issue.

2017-09-13 iforgot.apple.com

A server configuration issue was addressed. We would like to acknowledge Faid Mohammed Amine (@b4ckDo0r3d) of University specialized in IT Development, Sagar Bhavar* (@sagarbhavar) of SecurView, Pune, and an anonymous researcher for reporting this issue.

2017-08-29 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Taha Smily (@TahakhanTaha) for reporting this issue.

2017-08-24 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Corben Leo (sxcurity.github.io) for reporting this issue.

2017-08-24 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Moamen Basel (@momenbassel) for reporting this issue.

2017-08-24 beatsbydre.com

A cross-site scripting issue was addressed. We would like to acknowledge Corben Leo (https://sxcurity.github.io) for reporting this issue.

2017-08-22 developer.filemaker.com

A server configuration issue was addressed. We would like to acknowledge Harnoorpreet Singh (facebook.com/preetnoorz) of Nihal Singh Wala, Anas Mahmood (@AnasIsHere) for reporting this issue.

2017-08-22 icloud.com

A server configuration issue was addressed. We would like to acknowledge Josh English (@joshenglish) and Manuel Huez of ProcessOut (processout.com) for reporting this issue.

2017-08-17 tw.apple.com

A server configuration issue was addressed. We would like to acknowledge Wai Yan Aung (@waiyanaun9) for reporting this issue.

2017-08-11 images.apple.com

A server configuration issue was addressed. We would like to acknowledge Cem Onat Karagun (linkedin.com/in/cemkaragun) of the I.T. Department of University of Kocaeli for reporting this issue.

2017-08-03 tw.apple.com

A server configuration issue was addressed. We would like to acknowledge Wai Yan Aung (@waiyanaun9) for reporting this issue.

2017-08-03 ws01.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Yongjin Kim (adm1nkyj) of adm1nkyj.kr for reporting this issue.

2017-08-03 rad.apple.com

A server configuration issue was addressed. We would like to acknowledge Guifre Ruiz (guif.re) for reporting this issue.

2017-08-03 solutions.filemaker.com 

A clickjacking issue was addressed. We would like to acknowledge Akbar kp of Aforecybersec for reporting this issue.

2017-07-12 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-07-08 itunesu.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Marc Castejon of Silent Breach Inc. for reporting this issue.

2017-07-06 itunesconnect.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-07-02 live-promotions.apple.com

A server configuration issue was addressed. We would like to acknowledge Fredrik Nordberg Almroth for reporting this issue.

2017-07-02 store.apple.com

A server configuration issue was addressed. We would like to acknowledge William Entriken (@fulldecent) of phor.net for reporting this issue.

2017-07-01 apple.com

A server configuration issue was addressed. We would like to acknowledge Sven Soltermann (handyman.ch) for reporting this issue.

2017-06-29 ssl.apple.com

A server configuration issue was addressed. We would like to acknowledge Ala Arfaoui (facebook.com/alaa.arfaoui) for reporting this issue.

2017-06-27 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Gareth Bryan (linkedin.com/in/garethjbryan/) for reporting this issue.

2017-06-26 feedback.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-06-01 afsportal.euro.apple.com

A server configuration issue was addressed. We would like to acknowledge Vedachala (theinformationsecurity.com) for reporting this issue.

2017-05-31 pttest.apple.com

A server configuration issue was addressed. We would like to acknowledge Seyed Morteza Haghiralsadat of CERT Lab of Ferdowsi University of Mashhad for reporting this issue.

2017-05-31 lists.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-05-30 developer.filemaker.com

A server configuration issue was addressed. We would like to acknowledge Sadik Shaikh (linkedin.com/in/sadikshaikh) of ExtremeHacking.org for reporting this issue.

2017-05-30 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Richard Alviarez (@queseguridad) for reporting this issue.

2017-05-27 apple.com

A server configuration issue was addressed. We would like to acknowledge Mohammed Israil (facebook.com/VillageLad) for reporting this issue.

2017-05-23 investor.apple.com 

A clickjacking issue was addressed. We would like to acknowledge Blake Rand of Grandview Preparatory School for reporting this issue.

2017-05-22 feedback.apple.com

A server configuration issue was addressed. We would like to acknowledge Seyed Morteza Haghiralsadat of CERT Lab of Ferdowsi University of Mashhad for reporting this issue.

2017-05-12 linkmaker.itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2017-05-12 webcast.apple.com

A server configuration issue was addressed. We would like to acknowledge Adrien Paulet of Rbcafe (rbcafe.com) and an anonymous researcher for reporting this issue.

2017-05-12 apple.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2017-05-09 search.developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Wai Yan Aung (@waiyanaun9) for reporting this issue.

2017-05-03 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Musab Alhussein (linkedin.com/in/musab1) of RespondTeam.com for reporting this issue.

2017-05-03 id.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-05-02 bugreport.apple.com

A server configuration issue was addressed. We would like to acknowledge Daniel Compton (danielcompton.net) researcher for reporting this issue.

2017-04-25 your.beatsbydre.com

A cross-site scripting issue was addressed. We would like to acknowledge Emre KOSEOGLU, Edwin Foudil (edwinfoudil.com), and Luke McInerney (linkedin.com/in/luke-mcinerney) of Babson College for reporting this issue.

2017-04-24 getsupport.apple.com 

A cross-site scripting issue was addressed. We would like to acknowledge @Timedout of Moresec Security Team (moresec.cn) and Yoni Ramon (linkedin.com/in/yoni-ramon-7a853430/) of Tesla for reporting this issue.

2017-04-21 icloud.com 

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-04-20 apple.com

A server configuration issue was addressed. We would like to acknowledge Mike Pieters (mikepieters.nl) of bitsense for reporting this issue.

2017-04-20 itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-04-18 ssl.apple.com

A server configuration issue was addressed. We would like to acknowledge Sam Edward Gaikwad (facebook.com/imzephyr), and an anonymous researcher for reporting this issue.

2017-04-18 retailjss.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017–04-18 store.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-04-18 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Joel Ahlstedt (@jolle) for reporting this issue.

2017-04-18 clearmater.apple.com

A server configuration issue was addressed. We would like to acknowledge Kravchenko Stas (@zuh4n) for reporting this issue.

2017-04-18 atlaslms.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mustafa Hasan (@strukt93) of Netsparker for reporting this issue. 

2017-04-18 support.apple.com

A server configuration issue was addressed. We would like to acknowledge MD. Toufique Imam Chowdhury (facebook.com/toufiqueimam) for reporting this issue.

2017-04-12 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Vipin Chaudhary (@vipinxsec) for reporting this issue.

2017-04-12 opensource.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Alec Blance (facebook.com/alec.blance) for reporting this issue.

2017-04-10 itunesconnect.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-03-30 icloud.com

A server configuration issue was addressed. We would like to acknowledge Jose Carlos Exposito Bueno for reporting this issue.

2017-03-28 bugreport.apple.com

A server configuration issue was addressed. We would like to acknowledge Seth Vargo (@sethvargo) of HashiCorp for reporting this issue.

2017-03-24 developer.filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Joseph Jose (@josephjose_96) for reporting this issue.

2017-03-24 apple.com

A server configuration issue was addressed. We would like to acknowledge Zain Amro (zaytoun.io) for reporting this issue.

2017-03-23 filemakerjobbard.com

A server configuration issue was addressed. We would like to acknowledge Amol Bhure (linkedin.com/in/amolbhure/) of Attify Inc. (attify.com), Ajay S. Kulal (@ajay_kulal) of Dr. Homi Bhabha Vidyalaya, and Gerardo Venegas (@v0raz) for reporting this issue.

2017-03-22 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Owen Pragel (linkedin.com/in/owenpragel/).

2017-03-21 itunes.com

A cross-site scripting issue was addressed. We would like to acknowledge Christian Goldbach (linkedin.com/in/christian-goldbach) for reporting this issue.

2017-03-21 icloud.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2017-03-20 getsupport.apple.com

A server configuration issue was addressed. We would like to acknowledge Eusebiu Blindu (@testalways) for reporting this issue.

2017-03-16 beatsbydre.com 

A server configuration issue was addressed. We would like to acknowledge Daniyal Nasir (linkedin.com/in/daniyalnasir) for reporting this issue.

2017-03-16 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Akshay Jain for reporting this issue.

2017-03-16 bestbydre.com

A cross-site scripting issue was addressed. We would like to acknowledge Muhammad Khizer Javed of SecurityBreached.com.pk, Kunal Khubchandani (@__kun4l__), Muhammad Uwais (@Muhd_Uwais_), Mohammed Abdul Raheem of Shadan College of Engineering and Technology (Hyderabad), and an anonymous researcher for reporting this issue.

2017-03-15 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Seyed Morteza Haghiralsadat and Sajjad Pourali of CERT of Ferdowsi University of Mashhad for reporting this issue.

2017-03-07 mfi.apple.com

A server configuration issue was addressed. We would like to acknowledge Nike.Zheng of Webin security lab (dbapp security Ltd.), Zhaohuan of Tencent Security Platform (security.tencent.com), and YongShao - zhiyong Feng of JDSEC (1aq.com) for reporting this issue.

2017-03-07 developer.apple.com

A server configuration issue was addressed. We would like to acknowledge Zhaohuan of Tencent Security Platform (security.tencent.com) for reporting this issue.

2017-03-07 ara.apple.com

A server configuration issue was addressed. We would like to acknowledge Nike.Zheng of Webin security lab (dbapp security Ltd.), Zhaohuan of Tencent Security Platform (security.tencent.com), YongShao - zhiyong Feng of JDSEC (1aq.com), Terry Zhang of Tophant.com, silence (@silence_darker), Yulu (yu1u.org) of Guizhou Yulu security team, and 4ft35t of (knownsec.com) for reporting this issue.

2017-03-07 aoschat.apple.com

A server configuration issue was addressed. We would like to acknowledge Bharath Kumar (linkedin.com/in/BharathKumarMV) for reporting this issue.

2017-03-05 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Vladimir Dimitrijevski, Jubaer Al Nazi of ServerGhosts Bangladesh, IVAN DANILOV, Nurullah Demir (ndemir.com), Muhammad Zeeshan, Juhani Hautala, Abdel Hafid Ait Chikh (@hafidaitchik), and an anonymous researcher for reporting this issue.

2017-02-28 affiliate.itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Jayson Vasquez Rubio of Iloilo Science and Technology University, ISAT-U for reporting this issue.

2017-02-28 itunesconnect.apple.com

A clickjacking issue was addressed. We would like to acknowledge AbedAlqader Swedan (facebook.com/crypter1996a), Rahmat Nurfauzi (linkedin.com/in/rahmatnurfauzi), and Viral Maniar (@maniarviral) for reporting this issue.

2017-02-28 direct.filemaker.com

A server configuration issue was addressed. We would like to acknowledge Ajay S. Kulal (@ajay_kulal) of Dr. Homi Bhabha Vidyalaya, Tarapur for reporting this issue.

2017-02-27 procurementportal.apple.com

A server configuration issue was addressed. We would like to acknowledge Sadik Shaikh (linkedin.com/in/sadikshaikh) of ExtremeHacking.org for reporting this issue.

2017-02-27 idmsa.apple.com

A server configuration issue was addressed. We would like to acknowledge Ahsan Tahir (@AhsanTahirAT) for reporting this issue.

2017-02-13 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Ashutosh Kumar (@divashutosh) and Callum Carney for reporting this issue.

2017-02-06 appleid.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2017-02-03 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kieran Claessens (kieranclaessens.be) of Howest for reporting this issue.

2017-02-02 mynews.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Vishal Shukla (@shukla304), Abhishek Shroti (@Fake_Politics), Mustafa Hasan (strukt), Hussain Adnan Hashim (@hussain_0x3c), and an anonymous researcher for reporting this issue.

2017-01-30 procurementportal.apple.com

A server configuration issue was addressed. We would like to acknowledge Seyed Morteza Haghiralsadat (linkedin.com/in/seyed-morteza-haghiralsadat-05325471/), CERT LAB Ferdowsi University of Mashhad, Iran.

2017-01-27 itunes.phgconsole.performancehorizon.com

A server configuration issue was addressed. We would like to acknowledge Vignesh.v (facebook.com/profile.php?id=100006823931855) for reporting this issue.

2017-01-24 itunes.com

A server configuration issue was addressed. We would like to acknowledge Sergey Bobrov (@Black2Fan) for reporting this issue.

2017-01-20 filemaker.com

A server configuration issue was addressed. We would like to acknowledge Anas Roubi (@Qasuar) for reporting this issue.

2017-01-18 help.filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Rahul Dattatraya Kankrale of Servicenger for reporting this issue.

2016-12-20 myaccess.apple.com

A server configuration issue was addressed. We would like to acknowledge Yogesh Anil Tantak (facebook.com/ytantak1) for reporting this issue.

2016-12-20 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Nikhil Kumar (linkedin.com/in/nikhil-kumar-20ba0a24/) of Neogrowth Credit Pvt. Ltd. for reporting this issue.

2016-12-18 challengebasedlearning.org

A cross-site request forgery issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-12-18 challengebasedlearning.org

A cross-site request forgery issue was addressed. We would like to acknowledge Er Pratik Panchal of Infobit Technologies for reporting this issue.

2016-12-18 challengebasedlearning.org

A cross-site scripting issue was addressed. We would like to acknowledge Jon Bottarini (@jon_bottarini), Rui Silva (facebook.com/ruisilvaoficial), Kevin VALERIO (@conslight), Ahmed Abdalla Fathi (facebook.com/mr.alexseve), Max Prietzel, Emil Frits Bengtsson of KHS, and Nadi Abdellah (facebook.com/bloody.fang12) for reporting this issue.

2016-12-13 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Mohammed El Bess (facebook.com/halbess) and Mohammad Abuhassan (facebook.com/anonfantom) for reporting this issue.

2016-12-12 appleid.apple.com 

A cross-site request forgery issue was addressed. We would like to acknowledge Ramin Farajpour Cami for reporting this issue.

2016-12-08 myaccess.apple.com

A server configuration issue was addressed. We would like to acknowledge Richard Moulinneuf from SafeRail (saferail.fr/en) for reporting this issue.

2016-12-08 myaccess.apple.com

A server configuration issue was addressed. We would like to acknowledge Jon Bottarini (@jon_bottarini) of HackerOne for reporting this issue.

2016-12-08 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Greg Harris for reporting this issue.

2016-12-07 store.apple.com

A server configuration issue was addressed. We would like to acknowledge Patrick Schlangen for reporting this issue.

2016-11-29 iadworkbench.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mustafa Hasan (strukt) for reporting this issue.

2016-11-28 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-11-28 apple.com

A clickjacking issue was addressed. We would like to acknowledge Kameshwar Thakur (securityspecialist.in) and Ramin Farajpour Cami (bugjoo.ir) for reporting this issue.

2016-11-18 icloud.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2016-11-15 beatsbydre.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohamed A. Baset of Seekurity.com SAS de C.V. Mexico and an anonymous researcher for reporting this issue.

2016-11-08 apple.com

A server configuration issue was addressed. We would like to acknowledge Manish Bhattacharya of manishbhattacharya.com for reporting this issue.

2016-11-04 opensource.apple.com

A server configuration issue was addressed. We would like to acknowledge Dane Wachs of Ubiquitous Computing LLC and an anonymous researcher for reporting this issue.

2016-11-02 ssl.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-11-02 itunesconnect.apple.com

A server configuration issue was addressed. We would like to acknowledge Juha Suontausta of Telia Company for reporting this issue.

2016-11-02 store.apple.com

A server configuration issue was addressed. We would like to acknowledge Raad Firas Haddad (@raadfhaddad) for reporting this issue.

2016-11-01 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tatsuki Maekawa of Gehirn Inc. for reporting this issue.

2016-10-31 solutions.filemaker.com

A cross site scripting issue was addressed. We would like to acknowledge Nicholas R (linkedin.com/in/Nixholas) for reporting this issue.

2016-10-25 searchads.apple.com

A server configuration issue was addressed. We would like to acknowledge an Gökay Gündoğan (www.gokaygundogan.com.tr) for reporting this issue.

2016-10-19 applepaysupplies.com

A cross-site request forgery issue was addressed. We would like to acknowledge Djoukhrab Djaber (facebook.com/djrootdz) of Kasdi Merbah Ouargla University for reporting this issue.

2016-10-13 attache.apple.com

A cross site scripting issue was addressed. We would like to acknowledge Tadj Youssouf (facebook.com/oc3f.dz)

2016-10-10 iforgot.apple.com

A server configuration issue was addressed. We would like to acknowledge Mourad Benzine for reporting this issue.

2016-10-05 developer.apple.com

A server configuration issue was addressed. We would like to acknowledge Wai Yan Aung (@waiyanaun9) for reporting this issue.

2016-10-05 procurementportal.apple.com

A server configuration issue was addressed. We would like to acknowledge Eusebiu Blindu (@testalways) for reporting this issue.

2016-10-03 qtdevseed.apple.com

A server configuration issue was addressed. We would like to acknowledge Marco Cazzaniga for reporting this issue.

2016-10-03 qtdevseed.apple.com

A server configuration issue was addressed. We would like to acknowledge @kraken_kall for reporting this issue.

2016-10-03 qtdevseed.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-09-27 getsupport.apple.com

A cross site scripting issue was addressed. We would like to acknowledge Nicolas Francois of MeoW Sec for reporting this issue.

2016-09-23 swdlp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Rakan Alotaibi (@hxteam) for reporting this issue.

2016-09-22 checkcoverage.apple.com

A cross site scripting issue was addressed. We would like to acknowledge Zee Shan (@z33_5h4n) of hacker1.xyz, Louis Lang (louislang.com), Ivan Danilov (linkedin.com/in/coderast) of IPSERVER LLC, Gerardo Venegas, Edwin Foudil (edwinfoudil.com), Mustafa Hasan of Netsparker, Faizan Ahmad of Fsecurify (fsecurify.com), Orange Tsai from DEVCORE, James262144XD, and Joel Noguera (@niemand_sec) for reporting this issue.

2016-09-14 apple.com

A cross site scripting issue was addressed. We would like to acknowledge Florian Kunushevci (facebook.com/misteriozi.pirat.kwg) for reporting this issue.

2016-09-13 apple.com

A cross site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-09-13 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jake Eaton (linkedin.com/in/jake-eaton), Sahil Tikoo of Thakur College, Rahul Dattatraya Kankrale (@RahulKankrale) of servicenger.com, Matthew Telfer (MLT) of Project Insecurity (@ret2libc), and Cameron Dawe of Spam404 (@Spam404Online) for reporting this issue.

2016-09-12 carrierlink.apple.com

A server configuration issue was addressed. We would like to acknowledge HexTitan for reporting this issue.

2016-09-12 identity.appple.com

A server configuration issue was addressed. We would like to acknowledge Michael Stepankin of Positive Technologies (@Artsploit) for reporting this issue.

2016-09-02 presslogin.beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Kenny Hietbrink (hietbr.ink) of Syntra West for reporting this issue.

2016-08-31 privftp.apple.com

A clickjacking issue was addressed. We would like to acknowledge Mohamed A. Baset of Seekurity.com SAS de C.V. Mexico for reporting this issue.

2016-8-31 apple.com

A server configuration issue was addressed. We would like to acknowledge Faast Team of ElevenPaths.com for reporting this issue.

2016-08-29 filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Ayoub Nait Lamine for reporting this issue.

2016-08-25 auth.me.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-08-16 icloud.com

A server configuration issue was addressed. We would like to acknowledge Lucas Toriello (linkedin.com/in/lucastoriello) of ESIEA (C+V)° Laboratory for reporting this issue.

2016-08-16 icloud.com

A server configuration issue was addressed. We would like to acknowledge Alexander Traud of (traud.de) for reporting this issue.

2016-08-10 apple.com

A server configuration issue was addressed. We would like to acknowledge Brooke Schreier Ganz (@Asparagirl) for reporting this issue.

2016-08-09 consultants-locator.apple.com

A server configuration issue was addressed. We would like to acknowledge Abdullah Hussam (ahussam.me) for reporting this issue.

2016-08-08 itunesconnect.apple.com

A server configuration issue was addressed. We would like to acknowledge Simon Maddox and an anonymous researcher for reporting this issue.

2016-07-27 apple.com

A server configuration issue was addressed. We would like to acknowledge Ye Yint Min Thu Htut (YGN Ethical Hacker group yehg.net) and Satyam Rastogi (facebook.com/hackersatyamrastogi) for reporting this issue.

2016-07-26 download.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Ye Yint Min Thu Htut (YGN Ethical Hacker group yehg.net) for reporting this issue.

2016-07-25 apple.com

A server configuration issue was addressed. We would like to acknowledge Ahmed Elsobky (@0xSobky) for reporting this issue.

2016-07-22 lookup-api.apple.com

A cross site scripting issue was addressed. We would like to acknowledge Orange Tsai of DEVCORE for reporting this issue.

2016-07-22 developer.filemaker.com

A cross site scripting issue was addressed. We would like to acknowledge Dharamvir Bisht (linkedin.com/in/dharamvirbisht) for reporting this issue.

2016-07-13 yuri.apple.com

A server configuration issue was addressed. We would like to acknowledge Adrián Condes for reporting this issue.

2016-07-13 appstore.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2016-07-11 retailjss.apple.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2016-07-11 itunesu.itunes.apple.com

A cross site scripting issue was addressed. We would like to acknowledge Hasan Emre Özer for reporting this issue.

2016-07-05 canadaapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-06-23 challengebasedlearning.org

A SQL injection issue was addressed. We would like to acknowledge Shawar Khan (facebook.com/shawarkhanskofficial) (shawarkhan.com) for reporting this issue.

2016-06-20 beatsbydre.com

A cross-site request forgery issue was addressed. We would like to acknowledge Aaditya Purani of IET-SEAS (@aaditya_purani) for reporting this issue.

2016-06-17 itunes.apple.com

A cross site scripting issue was addressed. We would like to acknowledge Cameron Dawe of Spam404 (@Spam404Online) and Abhishek Shroti (@Fake_Politics) for reporting this issue.

2016-06-03 foundationdb.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-06-03 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-05-11 linkmaker.itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2016-05-11 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Ye Yint Min Thu Htut (YGN Ethical Hacker group yehg.net) for reporting this issue.

2016-05-11 icloud.com

A server configuration issue was addressed. We would like to acknowledge Gary O'Leary-Steele (sec-1.com) and Graham Bacon (appcheck-ng.com) for reporting this issue.

2016-05-11 icloud.com

A server configuration issue was addressed. We would like to acknowledge Gary O'Leary-Steele of sec-1.com and Graham Bacon of appcheck-ng.com for reporting this issue.

2016-05-06 ecommerce.apple.com

A server configuration issue was addressed. We would like to acknowledge Sébastien Kaul for reporting this issue.

2016-05-05 itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Akshay Jain (facebook.com/akshayjain011) for reporting this issue.

2016-05-05 itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Akshay Jain (facebook.com/akshayjain011) for reporting this issue.

2016-04-27 apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-04-22 apple.com

A server configuration issue was addressed. We would like to acknowledge SaifAllah benMassaoud of Evolution Security GmbH - Government Laboratory (facebook.com/WhiteHatSecuri) for reporting this issue.

2016-04-20 trailers.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Edwin Foudil (edwinfoudil.com) for reporting this issue.

2016-04-20 jobs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Cosmin Maier of Zeroday.pro Labs for reporting this issue.

2016-04-13 trailers.apple.com

A cross site scripting issue was addressed. We would like to acknowledge Edwin Foudil (edwinfoudil.com) for reporting this issue.

2016-04-11 myaccess.apple.com

A server configuration issue was addressed. We would like to acknowledge Latish Danawale (facebook.com/latish.danawale.14) and Suraj Mulik (facebook.com/suraj.mulik) for reporting this issue.

2016-04-14 apple.com

A server configuration issue was addressed. We would like to acknowledge Ing. Darnhofer Armin of Optix-IO AG for reporting this issue.

2016-03-16 appleid.apple.com

A cross site scripting issue was addressed. We would like to acknowledge Mustafa Hasan (@strukt93) for reporting this issue.

2016-03-03 training.apple.com 

A cross-site scripting issue was addressed. We would like to acknowledge Sandeep Singh Rehal of NTT Europe for reporting this issue.

2016-03-02 wwdcservo.apple.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2016-02-08 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2016-02-10 icloud.com

A server configuration issue was addressed. We would like to acknowledge Richard Shupak (linkedin.com/in/rshupak) for reporting this issue.

2016-02-10 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Kieran Claessens (@KieranClaessens) for reporting this issue.

2016-02-08 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Kapil Soni (Haxinos) of Xowia Technologies, India for reporting this issue.

2016-02-08 volume.itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Guilherme Scombatti (linkedin.com/in/guilhermescombatti) for reporting this issue.

2016-02-08 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Charfeddine Hamdi (@tws_charfeddine) of Tunisian WhiteHat Security for reporting this issue.

2016-02-04 filemaker.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2016-02-04 rtc.euro.apple.com

A clickjacking issue was addressed. We would like to acknowledge Guilherme Scombatti (linkedin.com/in/guilhermescombatti) for reporting this issue.

2016-02-02 support.beatsmusic.com and support.burstly.com

A server configuration issue was addressed. We would like to acknowledge Harry M. Gertos for reporting this issue.

2016-02-01 presslogin.beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Harsh Jaiswal (@rootxflood) & Rudra for reporting this issue.

2016-01-27 rtc.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge  Mousab Elhag Hassan (facebook.com/mousab.elhag) of mousab.com and an anonymous researcher for reporting this issue.

2016-01-26 apple.com

A cross-site scripting issue was addressed. We would like to acknowledge U.Kiranvas Reddy (fb.com/Kiranreddyrebel) for reporting this issue.

2016-01-15 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jaanus Kääp of Clarified Security and Geoffrey Van Den Berge (@geoffreyvdberge) for reporting this issue.

2016-01-15 wikid.filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2016-01-11 itunesconnect.apple.com

A server configuration issue was addressed. We would like to acknowledge Rameen Mashhoon (hackerone.com/rmashhoon) for reporting this issue.

2016-01-04 ets-web.filemaker.apple.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Published Date: Fri Jun 22 01:51:51 GMT 2018