I emailed the Apple security guys a while ago about a couple of XSS security holes on their websites. I almost forgot about it because I didn’t get a message that said “Ok, it’s fixed”. Well, I just went to the Apple Web Server notifications page and what do you know? Two new entries thanking me for telling them about the XSS holes. Nice, so my count is up to 4 now on that page. Here’s what they say:
2007-09-26 education.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting the issue.
2007-09-26 edcommunity.apple.com
Two individual cross-site scripting issues were addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.