Apple Web Server notifications, 2015

This article provides credit to people who have reported potential security issues in Apple's web servers.

Credits

2015-12-17 pro.topsy.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-12-17 topsy.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-12-17 topsy.com

A server configuration issue was addressed. We would like to acknowledge Bill Cave for reporting this issue.

2015-12-17 topsy.com

A server configuration issue was addressed. We would like to acknowledge Sindhuja Sane (facebook.com/sindhuja.reddy.137) for reporting this issue.

2015-12-17 topsy.com

A server configuration issue was addressed. We would like to acknowledge Muhammad Shahmeer for reporting this issue.

2015-12-17 topsy.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-12-17 pro.topsy.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-12-15 topsy.com

A cross-site request forgery issue was addressed. We would like to acknowledge Zeyad Khaled Mohamed (@zeyadk99) for reporting this issue.

2015-12-15 pro.topsy.com

A server configuration issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor) (facebook.com/hardik.tailor.hkr) for reporting this issue.

2015-12-15 pro.topsy.com

A server configuration issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor) (facebook.com/hardik.tailor.hkr) for reporting this issue.

2015-12-15 pro.topsy.com

A server configuration issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor) (facebook.com/hardik.tailor.hkr) for reporting this issue.

2015-12-01 ets-web.filemaker.com

A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.

2015-12-01 filemaker.com

A server configuration issue was addressed. We would like to acknowledge Ahmed Adel Abdelfattah (facebook.com/00SystemError00) for reporting this issue.

2015-12-01 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Hadji Samir of Evolution Security GmbH - Vulnerability Laboratory and Mohamed Khaled Fathy (facebook.com/Squnity) for reporting this issue.

2015-11-18 id.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mazen Gamal Mesbah (@MazenGamal) for reporting this issue.

2015-11-17 selfsolve.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Roberto Zanga (facebook.com/Liau180912) for reporting this issue.

2015-11-13 apple.com/feedback

A server configuration issue was addressed. We would like to acknowledge Jose Carlos Exposito Bueno of 0xlabs for reporting this issue.

2015-11-04 aoschat.apple.com

A server configuration issue was addressed. We would like to acknowledge Sam Edward Gaikwad (facebook.com/imzephyr) and Lazy King (zubairhasan.pro) for reporting this issue.

2015-10-29 getsupport.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Thomas GUITTONNEAU for reporting this issue.

2015-10-26 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohammad Ben-Amoor of LMaster team for reporting this issue.

2015-10-26 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tatsuki Maekawa of Gehirn Inc. for reporting this issue.

2015-10-21 beatsbydre.com

A server configuration issue was addressed. We would like to acknowledge Ahmed Abdalla Fathi (fb.com/mr.alexseve) for reporting this issue.

2015-10-21 ecommerce.apple.com 

A cross-site scripting issue was addressed. We would like to acknowledge Takeshi Terada of Mitsui Bussan Secure Directions, Inc. for reporting this issue.

2015-10-21 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Prem Kumar (@iAmPr3m) for reporting this issue.

2015-10-13 help.filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Sumit Sahoo (facebook.com/54H00) for reporting this issue.

2015-10-09 icloud.com

A server configuration issue was addressed. We would like to acknowledge Abdulraheem Khaled bin el waled for reporting this issue.

2015-10-08 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Jordy Zomer (jordyzomer.nl) for reporting this issue.

2015-10-08 support.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-10-07 support.apple.com

A server configuration issue was addressed. We would like to acknowledge James Tucker of Google for reporting this issue.

2015-10-05 challengebasedlearning.org

A clickjacking issue was addressed. We would like to acknowledge Michal Koczwara (linkedin.com/in/michalkoczwara), Muhammad Osama (facebook.com/profile.php?id=100001183774319), and Jay Patel (facebook.com/jaypatel9717) for reporting this issue.

2015-10-01 beatsbydre.com

A cross-site scripting issue was addressed. We would like to acknowledge Noah Wilcox of CraterDesigns.com for reporting this issue.

2015-09-28 developer.filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Kévin Valentin Vigerie for reporting this issue.

2015-09-25 topsy.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher and an anonymous researcher for reporting this issue.

2015-09-25 devforums.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Siddhesh Gawde (facebook.com/pen3t3r) for reporting this issue.

2015-09-25 ecommerce.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kacper Rybczyński of kacperrybczynski.com for reporting this issue.

2015-09-23 cctechchatwebapi.apple.com

A server configuration issue was addressed. We would like to acknowledge Kieran Claessens (kieranclaessens.be) for reporting this issue.

2015-09-22 contentdelivery.itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge @TwitterSecurity for reporting this issue.

2015-09-21 idmsa.apple.com

A server configuration issue was addressed. We would like to acknowledge Aditya Balapure (in.linkedin.com/in/adityabalapure) and Hammad Qureshi (Dig8labs.com) for reporting this issue.

2015-09-16 erp.apple.com

A server configuration issue was addressed. We would like to acknowledge Rafael Fontes Souza (linkedin.com/in/rafaelfontessouza) of Cipher Intelligence Labs for reporting this issue.

2015-09-16 configuration.apple.com

A server configuration issue was addressed. We would like to acknowledge Ayoub Fathi for reporting this issue.

2015-09-16 jobs.apple.com

An information disclosure issue was addressed. We would like to acknowledge Jean-Pierre Mouilleseaux for reporting this issue.

2015-09-04 iforgot.apple.com

A server configuration issue was addressed. We would like to acknowledge Kiran Karnad (@ipentest), Basava Gowda (facebook.com/basava.sb), Ali Kabeel (kabeel.com), Raghavendra Yadav, and Yu-Cheng Lin (@AndroBugs) for reporting this issue.

2015-09-04 itunesconnect.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge @RonMasas for reporting this issue.

2015-09-04 itunesconnect.apple.com

An open redirect issue was addressed. We would like to acknowledge @RonMasas for reporting this issue.

2015-09-04 apple.com

A mail server configuration issue was addressed. We would like to acknowledge Abdul Haq Khokhar (@abdulhaqkhokhar) of Haqtify.com, Yash pandya (yashpandyasecuritytester.blogspot.com), Jatin Bhatodra of MITSOM (Pune), Ketan Patil (linkedin.com/pub/ketan-patil/14/863/805) of infobittechnologies.com, karthikeyan K (linkedin.com/in/karthikeyan1337), Christoph Nehring, and an anonymous researcher for reporting this issue.

2015-08-28 iadworkbench.apple.com

A clickjacking issue was addressed. We would like to acknowledge Jayvardhan Singh (@Silent_Screamr) for reporting this issue.

2015-08-27 appleid.apple.com

A server configuration issue was addressed. We would like to acknowledge Chris Saldanha (@ChristoDeluxe) of Shopify Inc. for reporting this issue.

2015-08-24 burstly.com

A server configuration issue was addressed. We would like to acknowledge Pulkit Pandey (@pulkitpandey92) for reporting this issue.

2015-08-24 topsy.com

A cross-site scripting issue was addressed. We would like to acknowledge Rodolfo Godalle, Jr. (facebook.com/junior.ns1de) for reporting this issue.

2015-08-27 itunesconnect.apple.com

An information disclosure issue was addressed. We would like to acknowledge Simon Nishi McCorkindale of FUNX for reporting this issue.

2015-08-27 itunesu.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Spencer Gietzen of San Diego State University and Ameen Saleminik of Cal High for reporting this issue.

2015-08-21 burstly.com

A server configuration issue was addressed. We would like to acknowledge Kaustubh G. Padwad (@s3curityb3ast) for reporting this issue.

2015-08-20 asw.apple.com

A server configuration issue was addressed. We would like to acknowledge Muhammad Shahzad (pk.linkedin.com/in/mbinshahzad) for reporting this issue.

2015-08-11 apple.com

An input validation issue was addressed. We would like to acknowledge Benjamin Kunz Mejri of Evolution Security GmbH for reporting this issue.

2015-08-05 metaio.com

A clickjacking issue was addressed. We would like to acknowledge C Vishnu Vardhan Reddy (facebook.com/vishnu.dfx) for reporting this issue.

2015-07-28 www.itunespulse.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-07-28 topsy.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-07-28 itunespulse.com

A content spoofing issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-07-28 itunespulse.com

A clickjacking issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-07-27 beatsbydre.com

A cross-site scripting issue was addressed. We would like to acknowledge Saurabh Pundir (facebook.com/sauby007) of Torrid Networks Pvt Ltd. for reporting this issue.

2015-07-23 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Hadji Samir of Evolution Security GmbH for reporting this issue.

2015-07-08 beatsbydre.com

A cross-site scripting issue was addressed. We would like to acknowledge Osanda Malith Jayathissa - ඔසඳ මාලිත් ජයතිස්ස (@OsandaMalith), Shrey Sethi (PioNeer Haxs, facebook.com/shreysethi56), and Kevin Tram (facebook.com/Chris.yolor) for reporting this issue.

2015-07-08 albert.apple.com

A server configuration issue was addressed. We would like to acknowledge Alexander Traud of traud.de for reporting this issue.

2015-07-01 itunesu.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Hadji Samir of Evolution Security GmbH for reporting this issue.

2015-06-25 consultants.apple.com

A directory traversal issue was addressed. We would like to acknowledge Amit Kumar (linkedin.com/in/Hitman) of Tula's Institute, Dehradun for reporting this issue.

2015-06-24 devforums.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Lukas Reschke of Nextcloud GmbH for reporting this issue.

2015-06-24 marketresearch.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-06-23 pro.topsy.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-06-23 filemaker.com

A cross-site scripting issue was addressed. We would like to acknowledge Yogesh Tantak (facebook.com/ytantak1), Shrikant Bagdanen (facebook.com/ShrikantRaje), and Sunil Bhamare (facebook.com/sunil2809) for reporting this issue.

2015-06-19 aoschat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt (xss.cx) for reporting this issue.

2015-06-18 challengebasedlearning.org

An information disclosure issue was addressed. We would like to acknowledge Max Prietzel for reporting this issue.

2015-06-10 solutions.filemaker.com

An SQL injection issue was addressed. We would like to acknowledge Blancke Enzo of Oostrozebeke, Belgium (facebook.com/enzo.blancke) for reporting this issue.

2015-06-09 airprint.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor - facebook.com/hardik.tailor.hkr) and Pulkit Pandey (@pulkitpandey92) for reporting this issue.

2015-06-09 airprint.apple.com

A credential handling issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor - facebook.com/hardik.tailor.hkr) for reporting this issue.

2015-06-08 itunesu.itunes.apple.com

A stored cross-site scripting issue was addressed. We would like to acknowledge Tameem Safi (safi.me.uk) for reporting this issue.

2015-06-08 pro.topsy.com

An insecure session cookie was addressed. We would like to acknowledge Jose Rabal Sastre (joserabal.com) and Mo'men Basel (MomenBasel.com) for reporting this issue.

2015-06-04 topsy.com

A cross-site scripting issue was addressed. We would like to acknowledge Amit A Shora of Global Artificial Solution (facebook.com/amit.sohara) for reporting this issue.

2015-06-02 discussions.apple.com

A content spoofing issue was addressed. We would like to acknowledge Joel Melegrito of Invalid Web Security for reporting this issue.

2015-06-01 deploy.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nabeel Ahmed of Dimension Data Belgium for reporting this issue.

2015-05-28 itunesu.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Michael Stolarz for reporting this issue.

2015-05-28 store.apple.com

A stored cross-site scripting issue was addressed. We would like to acknowledge Wang Jing (tetraph.com/wangjing/), Balaji P R (balag.in and linkedin.com/in/balagpy), Christopher Dreher (@schniggie), Osman Doğan (@osmand0gan and linkedin.com/profile/view?id=113218663), Mahmoud El Manzalawy (@is4curity), and Alexandre V Pessoa for reporting this issue.

2015-05-28 itunesu.itunes.apple.com

A stored cross-site scripting issue was addressed. We would like to acknowledge Yashar Ghaffarloo for reporting this issue.

2015-05-22 itunesconnect.apple.com 

A session management issue was addressed. We would like to acknowledge Renato Ribeiro (renatoribeiro.me) for reporting this issue.

2015-05-20 deploy.apple.com

An open redirect issue was addressed. We would like to acknowledge Fady S. Ghatas of TiTrias.com for reporting this issue.

2015-05-13 static.ips.apple.com

A server configuration issue was addressed. We would like to acknowledge Ryan Dolan "dangerdwolf" for reporting this issue.

2015-05-04 discussion.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-05-04 discussion.apple.com

A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-05-01 hopstop.com

A server configuration issue was addressed. We would like to acknowledge Vishwaraj Bhattrai (vishwarajbhattrai.wordpress.com/author/vishwaraj67/) for reporting this issue.

2015-04-29 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Tsubasa Iinuma (@llamakko_cafe) for reporting this issue.

2015-04-14 sscontent.apple.com

A server configuration issue was addressed. We would like to acknowledge Jesse Mikael Järvi of jessejarvi.net for reporting this issue.

2015-04-06 topsy.com

A cross-site scripting issue was addressed. We would like to acknowledge Amit A Shora of Global Artificial Solution and Peter Ellehauge of Yahoo paranoids for reporting this issue.

2015-04-05 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Hat_Mast3r (facebook.com/HatMast3r) for reporting this issue.

2015-04-05 download.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Omar Benbouazza (@omarbv) of Microsoft and MSVR for reporting this issue.

2015-04-03 ade.apple.com

A server configuration issue was addressed. We would like to acknowledge Ali Wamim Khan for reporting this issue.

2015-03-20 widgets.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge lokihardt@ASRT working with HP's Zero Day Initiative for reporting this issue.

2015-03-12 discussions.apple.com

A web configuration issue was addressed. We would like to acknowledge Kieran Claessens (facebook.com/dark.inside.one) for reporting this issue.

2015-02-11 downloads.topsy.com

A DNS issue was addressed. We would like to acknowledge Mohit Gupta (@amohitgupta1) for reporting this issue.

2015-02-10 feeds.itunes.apple.com

A server configuration issue was addressed. We would like to acknowledge Imran Ghory (@imranghory) for reporting this issue.

2015-02-05 support.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.

2015-02-02 airprint.apple.com

Cross-site request forgery issues were addressed. We would like to acknowledge Momen Basel (@MomenBassel) for reporting this issue.

2015-01-21 supportprofile.apple.com

A clickjacking issue was addressed. We would like to acknowledge Yashar Ghaffarloo (yashar.org) for reporting this issue.

2015-01-21 discussions.apple.com

A stored cross-site scripting issue was addressed. We would like to acknowledge Deepanker Chawla (deepanker.in) for reporting this issue.

2015-01-15 itunespulse.com

A cross-site request forgery vulnerability was addressed. We would like to acknowledge Paul Seekamp (linkedin.com/in/paulseekamp) for reporting this issue.

2015-01-15 itunespulse.com

Cross-site request forgery issues were addressed. We would like to acknowledge Paul Seekamp (linkedin.com/in/paulseekamp) for reporting this issue.

2015-01-15 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kaustubh G. Padwad (@s3curityb3ast) for reporting this issue.

2015-01-14 itunesu.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Gökay Gündoğan of gokaygundogan.com.tr for reporting this issue.

2015-01-12 consultants.apple.com

An SQL injection issue was addressed. We would like to acknowledge Hat_Mast3r (facebook.com/HatMast3r) for reporting this issue.

2015-01-07 ac-netstorage.apple.com

A web configuration issue was addressed. We would like to acknowledge Kristian Erik Hermansen of Undisclosed Ventures for reporting this issue.

2015-01-05 hopstop.com

An SSL configuration issue was addressed. We would like to acknowledge Milan A Solanki (Facebook.com/Mas.Hackers) and an anonymous researcher for reporting this issue. 

2015-01-05 hopstop.com

A configuration issue was addressed. We would like to acknowledge Milan A Solanki (facebook.com/Mas.Hackers) for reporting this issue.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Published Date: Thu Feb 15 23:02:36 GMT 2018