A critical flaw has been discovered in Apple's App Store and iTunes invoice system which could result in session hijacking and malicious invoice manipulation.
Revealed this week by security researcher Benjamin Kunz Mejri from Vulnerability Lab, the persistent injection flaw, deemed critical, is an application-side input validation web vulnerability. In an advisory, the researcher said the vulnerability allows remote attackers to inject malicious script code into the flawed content function and service modules. According to Mejri, an attacker can exploit the flaw by manipulating a name value within the invoice module, exchanging it for malicious script code.
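The class of bug described above, as an added example that is not code from the advisory or from Apple: a name value stored earlier is later interpolated into invoice HTML, shown first unencoded and then with input validation and output encoding. The template, function names and sample name are constructed for illustration.

```python
import html
import re

# Constructed invoice template (assumption; not Apple's markup).
INVOICE_TEMPLATE = (
    "<html><body><h1>Invoice {invoice_id}</h1>"
    "<p>Billed to: {name}</p><p>Total: {total}</p></body></html>"
)

# Allow-list for a display name (assumption): word characters, spaces and
# a little punctuation, at most 64 characters.
NAME_ALLOWED = re.compile(r"[\w .,'\-]{1,64}")

# Constructed sample of a stored name value that carries markup.
STORED_NAME = "Alice<script>alert(1)</script>"


def validate_name(name: str) -> bool:
    """Input validation: reject names outside the allow-list before storing."""
    return NAME_ALLOWED.fullmatch(name.strip()) is not None


def render_invoice_unsafe(invoice_id: str, name: str, total: str) -> str:
    """The flawed pattern: the stored name is placed into HTML as-is."""
    return INVOICE_TEMPLATE.format(invoice_id=invoice_id, name=name, total=total)


def render_invoice_safe(invoice_id: str, name: str, total: str) -> str:
    """Output encoding: every field is HTML-escaped at render time, so a
    value that slipped past validation is displayed as text, not executed."""
    return INVOICE_TEMPLATE.format(
        invoice_id=html.escape(invoice_id, quote=True),
        name=html.escape(name, quote=True),
        total=html.escape(total, quote=True),
    )


def contains_active_markup(document: str) -> bool:
    """Simple regression check for a script element in rendered output."""
    return re.search(r"<\s*script\b", document, re.IGNORECASE) is not None


if __name__ == "__main__":
    print(validate_name(STORED_NAME))
    print(contains_active_markup(render_invoice_unsafe("INV-1", STORED_NAME, "9.99")))
    print(contains_active_markup(render_invoice_safe("INV-1", STORED_NAME, "9.99")))
```

Validation at input and encoding at output are complementary: the first keeps markup out of storage, the second protects every place the stored value is later rendered, including invoices sent to other parties.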