Bug hunter reveals Apple iTunes, Mac app store receipt deceit

Vulnerability Lab founder Benjamin Kunz Mejri says he's found a security bug in Apple's Mac and iOS app stores that could be exploited to inject malicious JavaScript code into victims' web browsers. Mejri reported the "application-side input validation web vulnerability" to Apple in early June, and went public with details of …

  1. Anonymous Coward

    Well someone has to...

    https://xkcd.com/327/

    1. theModge

      Re: Well someone has to...

      I still laugh every time I see that.

  2. Anonymous Coward

    Huh?

    If you can get physical access to someone's iPhone and change the device name, there are plenty of bad things you could do. This seems like a pretty roundabout way of doing something that would no doubt be simpler if you did it directly when you had access.

    1. AndyS

      Re: Huh?

      True, but it doesn't change the fact that the data isn't sanitised.

      There is also the other side of the coin - people other than the purchaser may view the receipt. It would be a good way of hacking somebody who is selling things, for example. Change your device name, buy something, then raise a query and ask them to view your invoice.

    2. Infidellic_

      Re: Huh?

      The article says Apple staff and sellers might view the invoice, so I'd change my device name to compromise *them* not myself

  3. Velv

    Don't worry, it'll be fixed in the next OS release which will be available shortly to buy from the App Store...

    1. Anonymous Coward

      I really need to write that guide to proper trolling. This is so weak, "pathetic" is still too much of a compliment.

      Put some effort in it, please.

      1. Anonymous Coward

        Yeah... your Mum loves Micro$$$$$oft and you do too.
