On that whole SQL injection thing, here’s an interesting one I found while stumbling around researching today.

Hmm…What’s that all about? Any more pages like this? Let’s see!

Well, yeah. There’s err, a few.

I found a some more, and it doesn’t seem like a huge amount, but something that Apple should certainly clean up.

itunes.apple.com/us/podcast/turkish/id161320202
itunes.apple.com/pl/podcast/cuneyt/id152442304
itunes.apple.com/kr/podcast/belgesel-title-script-src/id206817953

These pages have live malware on them…

(There may be more but it’s Saturday evening and I have a life.)

Alex Eckelberry

• Fake spam Apple iTunes Store emails lead to dodgy sites
  PandaLabs has warned of a spam scam involving genuine looking Apple iTunes Store receipts. View full post on Network World on Security...
• Fake Apple iTunes Receipts Used as Malware Tool (PC Magazine)
  PC Magazine - PandaLabs said Monday that the company has discovered fake iTunes receipts that have begun to be sent to users in an attempt to steal personal details. View full post on Yahoo! News: ...
• Apple Releases Two Security Updates (One for OSX, One for iTunes) : http://support.apple.com/kb/HT4312 and http://support.apple.com/kb/HT4328, (Fri, Sep 3rd)
  -- John Bambenek bambenek at gmail /dot/ com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License. View full post on SAN...
• PayPal, Apple Servers Not Compromised in iTunes Hacks
  There have been a number of reports in recent days about iTunes customers who have uncovered unauthorized purchases on their accounts. A Wednesday blog post from PayPal, however, said that the problem...
• Apple can’t stop ongoing iTunes charge scam
  Users of Apple's iTunes services should keep a close eye on PayPal and credit card statements for fraudulent iTunes charges. View full post on Computerworld Security News...
• Apple iTunes 9.2.1 Fixes One Critical Hole
  A single critical vulnerability in the Windows version of iTunes 9.2 is fixed in the just-released version 9.2.1. View full post on PCMag.com Security Coverage...
• Report: Apple iTunes Hack Affected 400 Users Out of 150M
  A recent hack of Apple iTunes accounts reportedly only affected about 400 of the service's approximately 150 million users. View full post on PCMag.com Security Coverage...
• Apple Boots Alleged iTunes Hacker: How to Stay Safe
  A Vietnamese-based iPhone application developer may have recently bilked unsuspecting iPhone users out of hundreds of dollars in an apparent hack of the iTunes App Store. The apparent scam became publ...
• Apple Gives Alleged iTunes Hacker the Boot (PC World)
  PC World - A Vietnamese-based iPhone application developer may have recently bilked unsuspecting iPhone users out of hundreds of dollars in an apparent hack of the iTunes App Store. View full post ...
• Apple iTunes Accounts Hacked, But Is This New?
  Scammers are grabbing users' accounts on the Apple iTunes and App Stores and using them to buy items. At this point it seems likely this is all just to increase the popularity and visibility of those ...