Apple recently patched a serious issue in its App Store and iTunes Store web apps that could have let a remote attacker inject malicious script code into invoices that come from Apple. The vulnerability was unearthed in June by Benjamin Kunz Mejri, a researcher with Vulnerability Lab, and reported to the Cupertino conglomerate. Apple did not respond to a request for comment, but the company's most recent update to iTunes was deployed on June 30, suggesting Apple may have fixed the issue within the month.
Source: https://threatpost.com/apple-patches-remote-invoice-vulnerability-in-itunes-app-store/113989/