Critical Persistent Injection Vulnerability in Apple App Store and iTunes

July 27, 2015

A critical vulnerability has been discovered in the official Apple’s App Store and iTunes Store, affecting millions of Apple users.

Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the Apple App Store invoice module and is remotely exploitable by both sender as well as the receiver.

The vulnerability, estimated as high in severity, has been reported to Apple Security team on June 9, 2015 and the company patched the issue within a month.

Read full story…