Vulnerability Lab researchers informed Apple about the presence of the flaws

Mar 29, 2012 17:48 GMT
Apple addresses SQL Injection vulnerability on Education Seminars & Events site

Security researcher Shadab Siddiqui, who has recently become part of the Vulnerability Lab, identified multiple blind SQL Injection vulnerabilities on the Education Seminars & Events website owned by Apple. After being informed about them, the company rushed to address the issues.

If left unaddressed, the critical flaws that existed in the Apple Customer Website (Web-Server) Service Application could have been remotely exploited by an attacker, allowing him to execute his own malicious SQL commands.

As a result, the site’s database management system, the service, and the application could have been compromised.

The issues were reported to Apple on March 13 and they were fixed yesterday, March 28.

Tech-savvy users can check out the detailed proof of concept provided by Vulnerability Lab here.
