Silent Breach finds vulnerability on Apple iTunes servers

XSS found on iTunes servers


Apple Inc. has just confirmed patching its servers for a cross-site scripting (XSS) issue reported by Silent Breach Inc. in July 2017. Following Apple's instructions, Silent Breach waited until the vulnerability was addressed before disclosing it publicly.

The vulnerability affected Apple's iTunes platform for universities, making it possible for an attacker to inject client-side code into web pages viewed by other users. A cross-site scripting attack may be used by hackers to bypass access controls such as the same-origin policy.

Silent Breach Inc. would like to thank Apple Inc. for acknowledging and crediting our research team on their web security notification page: https://support.apple.com/en-us/HT201536 (Ref: 2017-07-08)

Silent Breach 0-day research lab