Bug hunter reveals Apple iTunes, Mac app store receipt deceit

Inject evil JavaScript code via the device name? Don't mind if we do

Vulnerability Lab founder Benjamin Kunz Mejri says he's found a security bug in Apple's Mac and iOS app stores that could be exploited to inject malicious JavaScript code into victims' web browsers."