Security firm warns of an exploitable bug on Apple’s web site

Oct 10, 2011 14:39 GMT

Vulnerability-Lab claims to have discovered a vulnerability on Apple’s official web site that would allow an attacker to hijack the platform.

According to Vulnerability-Lab, “A non-persistent cross site scripting vulnerability is detected on the famous Apple vendor website portal.”

The company claims that “Successful exploitation of the vulnerability allows an attacker to hijack user/mod/admin sessions of the portal.”

The security risk of the reflective XSS vulnerabilities is deemed non-critical, but it is not low either, according to the firm. It is rated “medium.”

They credit Alexander Fuchs (f0X23) of Vulnerability Research Laboratory with discovering the flaw. It is unclear what is being done to patch this, but it should be fair to assume Apple is on the case already.

Those who believe they can provide more information (as in they know their way around security advisories such as this one) are invited to shed more light in the comments.