Silent Breach finds vulnerability on Apple iTunes servers

XSS found on iTunes servers

Apple Inc. just confirmed patching their servers for a cross scripting issue (XSS) reported by Silent Breach Inc. in July 2017.
Following Apple's instructions, Silent Breach has waited until the vulnerability was addressed before disclosing it publicly. 

The vulnerability affected Apple's iTunes platform for universities, making it possible for an attacker to inject client-side code into web pages viewed by other users. A cross-site scripting attack may be used by hackers to bypass access controls such as the same-origin policy

Silent Breach Inc would like to thank Apple Inc. for acknowledging and crediting our research team on their web security notification page: (Ref: 2017-07-08)

Learn more about Silent Breach's 0-day research lab.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.