Apple Web Server notifications, 2013

This article provides credit to people who have reported potential security issues in Apple's web servers.

Credits

2013-12-20 register.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kirill Ermakov of Positive Technologies, Connor Spicer (linkedin.com/pub/connor-spicer/75/475/1b4), and E. Sanchez for reporting this issue.

2013-12-19 clearmater.apple.com

An insecure cookie issue was addressed. We would like to acknowledge Hassan El Hadary (linkedin.com/pub/hassan-el-hadary/20/4ab/53b) for reporting this issue.

2013-12-18 icloud.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak) for reporting this issue.

2013-12-18 itunespulse.com

A cross-site scripting issue was addressed. We would like to acknowledge Muhammad Talha Khan (facebook.com/MTK911) for reporting this issue.

2013-12-18 volume.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-12-18 iforgot.apple.com

An insecure cookie issue was addressed. We would like to acknowledge Shubham Raj (@xceptioncode) and Vedachala (@vedachalaka) for reporting this issue.

2013-12-16 iosdiags.apple.com

An information disclosure issue was addressed. We would like to acknowledge Riaz Ebrahim (linkedin.com/pub/riaz-ebrahim-cissp-ceh/3b/347/383) for reporting this issue.

2013-12-16 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge E. Sanchez for reporting this issue.

2013-12-13 icloud.com

An SSL configuration issue was addressed. We would like to acknowledge Kamil Sevi (@kamilsevi) for reporting this issue.

2013-12-12 vpp.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ishan Anand (www.facebook.com/zero.access999) for reporting this issue.

2013-12-04 linkmaker.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge John Campbell of Yabla, Inc. for reporting this issue.

2013-11-24 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Andrei Neculaesei (algorithm.dk) for reporting this issue.

2013-11-21 airprint.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Shyam Jordan of Hicube Infosec Pvt.Ltd. for reporting this issue.

2013-11-20 supportform.apple.com

A server configuration issue was addressed. We would like to acknowledge Axel Schneider (facebook.com/axel.schneider.948) for reporting this issue.

2013-11-20 volume.itunes.apple.com

A credential handling issue was addressed. We would like to acknowledge Steven Harwood of the Corona Norco Unified School District for reporting this issue.

2013-11-10 info.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Alexandr Drozdov (linkedin.com/pub/alexandr-drozdov/59/a2/b79) for reporting this issue.

2013-11-05 consultants.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak) for reporting this issue.

2013-11-04 mfi.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak) for reporting this issue.

2013-11-04 gsp4-cn.ls.apple.com

A source code disclosure issue was addressed. We would like to acknowledge Andrew Pouliot of Facebook for reporting this issue.

2013-10-31 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Olivier Beg of olivierbeg.nl for reporting this issue.

2013-10-25 appleid.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2013-10-25 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Narendra Bhati (R00t Sh3ll The Untraceable) of Cyber Octet Pvt.Ltd for reporting this issue.

2013-10-22 icloud.com/keynote, icloud.com/pages, icloud.com/numbers

A cross-site scripting issue was addressed. We would like to acknowledge Gokmen GURESCI (gokmenguresci.com) for reporting this issue.

2013-10-21 appleid.apple.com

An insufficient authentication issue was addressed. We would like to acknowledge JATIN JAIN for reporting this issue.

2013-10-15 cctechchatwebapi.apple.com

A server configuration issue was addressed. We would like to acknowledge Axel Schneider (facebook.com/axel.schneider.948) for reporting this issue.

2013-10-14 expresslane.apple.com

Multiple cross-site scripting issues were addressed. We would like to acknowledge Ebrahim Hegazy (@Zigoo0) from Qcert.org, Oliver Gruskovnjak of Portcullis, Inc. (portcullis-security.com), Dylan E. Meador (@DylanMeador), Nikhil Srivastava (facebook.com/nik0spy) and Javid Hussain (twitter.com/javidhussain21) from TechDefence, Sergiu Dragos Bogdan, and David Hoyt of Hoyt LLC (xss.cx) for reporting these issues.

2013-10-13 getsupport.apple.com

A clickjacking issue was addressed. We would like to acknowledge Jayvardhan Singh (twitter.com/Silent_Screamr) for reporting this issue.

2013-10-11 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2013-10-11 myaccess.apple.com

A TLS renegotiation issue was addressed. We would like to acknowledge Tushar Rajhans Kumbhare (@tush2388) for reporting this issue.

2013-10-11 apple.com

A Flash cross-domain policy issue was addressed. We would like to acknowledge Abhinav Sejpal (@Abhinav_Sejpal) of PASS Technologies (pass.ch) for reporting this issue.

2013-10-09 consultants-locator.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak) for reporting this issue.

2013-10-08 mfi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge k T Ram Ganesh for reporting this issue.

2013-10-04 17.178.96.59

An SSL configuration issue was addressed. We would like to acknowledge Gena Makhomed of ideil.com for reporting this issue.

2013-10-03 jobs.apple.com

An information disclosure issue was addressed. We would like to acknowledge Kyle Brogle for reporting this issue.

2013-09-25 expresslane.apple.com, selfsolve.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Ali Hasan Ghauri | AHPT, Kamil Sevi (@kamilsevi), and Vikas Chopalli (@vikas115m) for reporting this issue.

2013-09-24 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sahil Sehgal (breakingmesh.blogspot.com) for reporting this issue.

2013-09-20 daw.apple.com

A clickjacking issue was addressed. We would like to acknowledge Jigar Thakkar (@jigarthakkar39) of infobittechnologies.com, Ravikumar R. Paghdal (@_RaviRamesh) of the Shrimad Rajchandra Institute of Management and Computer Application, Vedachala (twitter.com/vedachalaka), Chandroliya Ravi Ghanashyam bhai (@ChandroliyaRavi), Sahil Dhar (facebook.com/dhar66), and Pralhad Chaskar of NII Consulting (@c0d3xpl0it) for reporting this issue.

2013-09-20 aatcportal.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Abhinav Karnawat of w4rri0r.com for reporting this issue.

2013-09-19 education.apple.com

A lack of encryption was addressed. We would like to acknowledge Vasudeva of Net-square solutions Pvt. ltd. for reporting this issue.

2013-09-19 ade.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak), India for reporting this issue.

2013-09-18 discussions.apple.com

An information disclosure issue was addressed. We would like to acknowledge Enguerran Gillier of OpnSec.com for reporting this issue.

2013-09-03 selfsolve.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2013-08-30 locationary.com

A clickjacking issue was addressed. We would like to acknowledge Manish Bhattacharya of Shobhit University for reporting this issue.

2013-08-30 bugreport.apple.com

A clickjacking issue was addressed. We would like to acknowledge Sahil Dhar (facebook.com/dhar66) for reporting this issue.

2013-08-30 bugreport.apple.com

An information disclosure issue was addressed. We would like to acknowledge Amy Worrall for reporting this issue.

2013-08-26 aatcportal.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Christy Philip Mathew - Offcon Info Security for reporting this issue.

2013-08-22 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jorge García Pérez (@jorgegarccia) for reporting this issue.

2013-08-20 discussions.apple.com

A clickjacking issue was addressed. We would like to acknowledge Manish Bhattacharya of manishbhattacharya.com and Ravikumar R. Paghdal (@_RaviRamesh) of the Shrimad Rajchandra Institute of Management and Computer Application for reporting this issue.

2013-08-20 store.apple.com

Cross-site scripting issues were addressed. We would like to acknowledge Jorge Luis Alvarez Medina, Ahmed Aboul-Ela (@_SecGeek) of Starware, and David Hoyt of Hoyt LLC Research for reporting these issues.

2013-08-15 offdig-ssl.ls.apple.com

A server configuration issue was addressed. We would like to acknowledge Osanda Malith Jayathissa (@OsandaMalith) for reporting this issue.

2013-08-15 developer.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Bluebox Security (bluebox.com) for reporting this issue.

2013-08-15 discussions.apple.com

A server configuration issue was addressed. We would like to acknowledge Deepankar Arora (@sec403) and Nipun Jaswal (@nipunjaswal) of StartHack.com for reporting this issue.

2013-08-15 onetoone.apple.com

A mixed-content issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-08-14 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Saqib Kamran (saqibkamran.com) for reporting this issue.

2013-08-13 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Nikhil.P.Kulkarni (@nikchillz) of M.S.Ramaiah Institute of Technology for reporting this issue.

2013-08-13 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Evgeniy Tolmachev (@c3retc3) of Positive Research Lab for reporting this issue.

2013-08-09 devforums.apple.com

A mixed-content issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-08-05 acn-members.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ucha Gobejishvili (twitter.com/longrifle0x) for reporting this issue.

2013-08-05 acn-members.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Akash Jain (@jain_ak), India for reporting this issue.

2013-08-05 acn-members.apple.com

A credential issue was addressed. We would like to acknowledge Mohamed Osman Saeed from Vision Valley Company (linkedin.com/pub/mohammed-saeed/40/887/84) for reporting this issue.

2013-08-01 supportprofile.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Diamant Osmani for reporting this issue.

2013-08-01 iforgot.apple.com

An HTTP header injection issue was addressed. We would like to acknowledge Ebrahim Hegazy (@Zigoo0) from Qcert.org for reporting this issue.

2013-07-29 iCloud.com/mail

A stored cross-site scripting issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting this issue.

2013-07-29 icloud.com

An application logic issue was addressed. We would like to acknowledge John Santoleri of StoneWork Capital LLC for reporting this issue.

2013-07-25 developer.apple.com

A stored cross-site scripting issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting this issue.

2013-07-25 itunesconnect.apple.com

Nine stored cross-site scripting issues were addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting these issues.

2013-07-23 info.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2013-07-23 iCloud.com/calendar

A stored cross-site scripting issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting this issue.

2013-07-22 iadworkbench.apple.com

An information disclosure issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - balicbilisim.com) for reporting this issue.

2013-07-19 icloud.com/calendar

A cross-site scripting issue was addressed. We would like to acknowledge Gokmen GURESCI (gokmenguresci.com) for reporting this issue.

2013-07-18 developer.apple.com

A remote code execution issue was addressed. We would like to acknowledge 7dscan.com, and SCANV of knownsec.com for reporting this issue.

2013-07-18 expresslane.apple.com

A remote code execution issue was addressed. We would like to acknowledge 7dscan.com for reporting this issue.

2013-07-18 consultants.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Olivier Beg of olivierbeg.nl and Yorrick Hardeman of Fanorg.net for reporting this issue.

2013-07-18 acn-members.apple.com

A directory traversal issue was addressed. We would like to acknowledge Mohamed Osman Saeed of Vision Valley Company (linkedin.com/pub/mohammed-saeed/40/887/84) for reporting this issue.

2013-07-18 acn-members.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Mohamed Osman Saeed of Vision Valley Company (linkedin.com/pub/mohammed-saeed/40/887/84) for reporting this issue.

2013-07-17 buyiphone.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2013-07-17 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nikhil Srivastava (facebook.com/nik0spy) and Javid Hussain (@javidhussain21) from TechDefence for reporting this issue.

2013-07-14 support.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Roy Castillo (roy-castillo.com) of Informatics Computer Institute - Cebu, Philippines, and Paweł Hałdrzyński for reporting this issue.

2013-06-27 devforums.apple.com

An information disclosure issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-06-27 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Narendra Bhati (R00t Sh3ll The Untraceable) of Cyber Octet Pvt.Ltd for reporting this issue.

2013-06-24 idmsa.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Timo Lins for reporting this issue.

2013-06-24 store.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Stefan Schurtz of darksecurity.de, David Hoyt of Hoyt LLC Research, Pobereznicenco Dan of rstforums.com, and Danalachi Sergiu for reporting this issue.

2013-06-23 service.info.apple.com

An access control issue was addressed. We would like to acknowledge Adrián Condes for reporting this issue.

2013-06-17 cctechchatwebapi.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Sebastian Neef & Tim Schäfers of (internetwache.org) for reporting this issue.

2013-06-16 supportform.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bradley Johnson (about.me/bradley_johnson) and E. Sanchez for reporting this issue.

2013-06-13 abs.apple.com, csat.apple.com

A remote code execution issue was addressed. We would like to acknowledge Secbeta (t.qq.com/injecting) of WooYun.org for reporting this issue.

2013-06-12 support.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Florin, Jeison Maldonado, Rubén Díaz Alonso (@outime) of Rubutek, J. Francisco Bolívar of (linkedin.com/in/jfbolivar), Yasir Altaf Zargar of madleets.com, Mike Czumak of securitysift.com, Ajinkya Patil (@5nak3Eyes) of Avsecurity.in, Dragos Scarlatescu of the Romanian Security Team, Horatau Marius & Darius Petrescu of Romanian Security Team (rstforums.com), Dawid Bałut, Tarek Siddiki of Team Haxorsistz, Greg Wroblewski of Microsoft and MSVR, Umer Shakil of (twitter.com/umer_djzz), and Danish Tariq, Noman Ramzan and Ali hassan for reporting this issue.

2013-06-11 discussionskorea.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén from Detectify, and Danijel Maksimović (Brčko Distrikt, @maxon3) for reporting this issue.

2013-06-11 expresslane.apple.com

Multiple cross-site scripting issues were addressed. We would like to acknowledge Martin Hall of Microsoft, Ahmad Ashraff (@yappare), Nikhil Srivastava (facebook.com/nik0spy) and Javid Hussain (twitter.com/javidhussain21) from TechDefence, and Mohamed Ramadan of Attack-Secure.com for reporting these issues.

2013-06-05 developer.apple.com

A frame injection issue was addressed. We would like to acknowledge Yosuke Hasegawa of NetAgent Co., Ltd for reporting this issue.

2013-06-02 ara.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Vikas Chopalli and Naresh Chattala, Prasanna Mestha (facebook.com/djprasan) and Abhibandhu Kafle (facebook.com/bipin.kafle.10), Frederik Oddershede Markor of Surfshark, Damien Bancal of zataz.com, Monendra Sahu (twitter.com/mohitnitrr), Salvatore Menna Ancy, Mr. Mayank Bhatodra (facebook.com/iamyourfri3nd) and Anand Sundar Tiwari of (anandtiwarics.blogspot.in) for reporting this issue.

2013-06-02 ara.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prasanna Mestha of Security Ghost Team (facebook.com/djprasan), Monendra Sahu (twitter.com/mohitnitrr), Mr. Mayank Bhatodra (facebook.com/iamyourfri3nd) and Sahil Sehgal for reporting this issue.

2013-06-02 ara.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Vikas Chopalli and Naresh Chattala for reporting this issue.

2013-05-30 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge REBIAI Ali Zinédine (twitter.com/z_reb) for reporting this issue.

2013-05-14 developer.apple.com

A server configuration issue was addressed. We would like to acknowledge Darius Petrescu (@akkiliON_) of Romanian Security Team for reporting this issue.

2013-05-13 support.apple.com

A clickjacking issue was addressed. We would like to acknowledge Javid Hussain (@javidhussain21) and Somana Syam Kumar for reporting this issue.

2013-05-13 support.apple.com

An HTTP header injection issue was addressed. We would like to acknowledge Yosuke Hasegawa of NetAgent Co., Ltd for reporting this issue.

2013-05-04 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge André Ferreira (From Leiria / ESDS) "White Hat Hacker" for reporting this issue.

2013-05-03 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Issam Rabhi (sites.google.com/site/issrabhi/) for reporting this issue.

2013-05-03 manuals.info.apple.com

An SQL injection issue was addressed. We would like to acknowledge Adrian Ivascu for reporting this issue.

2013-05-02 developer.apple.com

An information disclosure issue was addressed. We would like to acknowledge Griffin Francis and Nidhish Dave of BVCOE for reporting this issue.

2013-04-30 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Aditya Balapure (in.linkedin.com/in/adityabalapure/) for reporting this issue.

2013-04-30 itunes.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Richard Moulinneuf (portfolio.r-moulinneuf.fr) from ENI (École Nantaise en Informatique), Yngve N. Pettersen of Opera Software ASA, Sandeep Singh Rehal (facebook.com/lulzMmax), and Akash Jain (@jain_ak) for reporting this issue.

2013-04-29 apple.com

A mixed-content issue was addressed. We would like to acknowledge Russell Sullivan for reporting this issue.

2013-04-24 qtdevseed.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ermakov Kirill of Positive Technologies for reporting this issue.

2013-04-23 investors.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge John at tghc.co - @n0x00 for reporting this issue.

2013-04-22 discussionsjapan.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Ali Hasan Ghauri - AHPT for reporting this issue.

2013-04-19 store.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Camilo Galdos AkA Dedalo of Open-Sec, Malte Batram of batr.am, hip of insight-labs.org, and Wong Chieh Yie (@wcypierrenet) for reporting this issue.

2013-04-12 itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2013-04-12 rtc.euro.apple.com

A server configuration issue was addressed. We would like to acknowledge devesh bhatt (#deveshbhatt11) for reporting this issue.

2013-04-11 discussionschinese.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2013-04-11 canadaapp.apple.com

A remote code execution issue was addressed. We would like to acknowledge Andrey Medov of Positive Technologies for reporting this issue.

2013-04-11 ssl.apple.com

A server configuration issue was addressed. We would like to acknowledge Sunil Dadhich (@Sunil_Dadhich7) for reporting this issue.

2013-04-10 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Christian Lopez Martin (phr0nak) from insertco.in for reporting this issue.

2013-04-08 discussions.apple.com

A mixed-content issue was addressed. We would like to acknowledge Jack "fin1te" W of fin1te.net for reporting this issue.

2013-04-03 swscan.apple.com

An SSL renegotiation issue was addressed. We would like to acknowledge Jeff Jarmoc (@jjarmoc) for reporting this issue.

2013-04-03 madeforipodandiphone.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Rishal Dwivedi (रिशाल द्विवेदी) and Manjot Singh (मनजोत सिंह) for reporting this issue.

2013-04-02 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@kamilsevi) for reporting this issue.

2013-03-30 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bilal K of ZentrixPlus.net and Gerardo Salazar of openwiresec.com for reporting this issue.

2013-03-22 iforgot.apple.com

A password reset issue was addressed. We would like to acknowledge Vaibhav Khatke of Syntel inc for reporting this issue.

2013-03-22 consultants-locator.apple.com

An out-of-date software issue was addressed. We would like to acknowledge Mayur Lohite of mayurlohite.blogspot.in for reporting this issue.

2013-03-21 help.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2013-03-19 iphone-wu.apple.com

An XML external entity processing issue was addressed. We would like to acknowledge Artem Chaykin of Positive Technologies for reporting this issue.

2013-03-15 webclass.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sergey Bobrov of Positive Research (ptsecurity.com/research/advisory/) and Vikas Chopalli for reporting this issue.

2013-03-15 genifp.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and E Sanchez for reporting this issue.

2013-03-14 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tushar Rajhans Kumbhare of defencely.com for reporting this issue.

2013-03-13 education.apple.com

A cross-site scripting issue and an SQL injection issue were addressed. We would like to acknowledge Vasudeva of Net-square solutions Pvt. ltd. for reporting these issues.

2013-03-12 myinfo.apple.com

A TLS renegotiation issue was addressed. We would like to acknowledge Yngve N. Pettersen of Opera Software ASA for reporting this issue.

2013-03-06 ade.apple.com

A site misconfiguration issue was addressed. We would like to acknowledge Tushar Rajhans Kumbhare of defencely.com for reporting this issue.

2013-03-05 evaluatemacs.apple.com

An information disclosure issue was addressed. We would like to acknowledge Malte Batram of batr.am for reporting this issue.

2013-03-04 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Milan Bačkonja for reporting this issue.

2013-03-04 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Dmitriy Serebryannikov (@dsrbr) of Positive Technologies, Siddhesh Gawde (facebook.com/pen3t3r) and Fabián Cuchietti (ar.linkedin.com/in/fabiancuchietti/) for reporting this issue.

2013-02-28 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Ahmed Mohamed Hassan Aboul-Ela of Starware for reporting this issue.

2013-02-27 iforgot.apple.com

A password reset issue was addressed. We would like to acknowledge ankit bharathan (lonely-hacker) for reporting this issue.

2013-02-16 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Fernando Muñoz from nullgroup.com for reporting this issue.

2013-02-15 developer.apple.com

An HTTPS configuration issue was addressed. We would like to acknowledge Nikhil.P.Kulkarni (@nikchillz) of Break The Security team for reporting this issue.

2013-02-15 volume.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Yuji Kosuga for reporting this issue.

2013-02-12 appleid.apple.com

Security questions no longer autocomplete. We would like to acknowledge JATIN JAIN for suggesting this enhancement.

2013-02-11 apple.com/support/security/pgp

A mixed-content issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2013-02-11 concierge.apple.com

A mixed-content issue was addressed. We would like to acknowledge Ari Rubinstein for reporting this issue.

2013-02-11 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohamed Ramadan from Attack-Secure.com for reporting this issue.

2013-02-11 aatcportal.apple.com

An information disclosure issue was addressed. We would like to acknowledge Christy Philip Mathew of Zimperium, Inc for reporting this issue.

2013-02-08 rugby.apple.com

A file-existence disclosure issue was addressed. We would like to acknowledge Chema Alonso and José Miguel Soriano of Informatica64.com for reporting this issue.

2013-02-07 consultants.apple.com

An SQL injection issue was addressed. We would like to acknowledge Evgeny Ermakov (@crw__) of Positive Technologies for reporting this issue.

2013-02-05 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Fernando Muñoz Sánchez from Null Group nullgroup.com/ for reporting this issue.

2013-02-04 consultants.apple.com

An information disclosure issue was addressed. We would like to acknowledge Malte Batram of batr.am for reporting this issue.

2013-01-31 trailers.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Subhash Dasyam, Jinen Patel, and Mukesh Chowdary of hicubes.com for reporting this issue.

2013-01-29 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén from Detectify for reporting this issue.

2013-01-28 deimos.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2013-01-25 developer.apple.com

An open redirect issue was addressed. We would like to acknowledge Christian Seifert of Deutsche Telekom for reporting this issue.

2013-01-25 apple.com

A mixed-content issue was addressed. We would like to acknowledge SiddhartH SolankI of hackforsecurity.com for reporting this issue.

2013-01-23 itunes.apple.com

Active content is now served over HTTPS by default. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs, Elie Bursztein of Google, and Rahul Iyer of Bejoi LLC for reporting this issue.

2013-01-18 daw.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Shubham Mittal of 3ncrypt0r.blogspot.com for reporting this issue.

2013-01-18 developer.apple.com

A mixed-content issue was addressed. We would like to acknowledge David Benjamin of the Massachusetts Institute of Technology and Louis Romero (@Arcank) for reporting this issue.

2013-01-14 consultants.apple.com

An HTTP response splitting issue was addressed. We would like to acknowledge Prakhar Prasad of Security Pulse for reporting this issue.

2013-01-14 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Danijel Maksimović (@MaXoN3) for reporting this issue.

2013-01-14 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mirza Burhan Baig of blackbitz.net for reporting this issue.

2013-01-09 ade.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prakhar Prasad of Security Pulse and National Anti-Hacking Group, and an anonymous researcher for reporting this issue.

2013-01-08 *.apple.com

TLS renegotiation issues were addressed on multiple Apple webservers. We would like to acknowledge Yngve N. Pettersen of Opera Software ASA for reporting these issues.

2013-01-08 edseminars.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Rafay Baloch of rafayhackingarticles.net for reporting this issue.

2013-01-04 canadaedu.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2013-01-04 consultants.apple.com

A source code disclosure issue was addressed. We would like to acknowledge Clint Ruoho of Laconic Security for reporting this issue.

2013-01-03 help.apple.com/ipad

An information disclosure issue was addressed. We would like to acknowledge Pradeep Jairamani (Black_Eagle) and Gurjant Singh (Godhacker_IHOS) for reporting this issue.


Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.
