A 16-year-old Spanish Whitehat hacker going by name “The Pr0ph3t” found XSS Vulnerability on Apple website. Vulnerability reported in Apple sub domain – https://locate.apple.com, where users can choose a service center location. Hackers captured HTTP headers and found that there is a parameter called “location” which is actually not filtered for malicious inputs. The vulnerability may be used by attackers to bypass access controls such as the same origin policy.
Source: https://thehackernews.com/2012/11/xss-vulnerability-in-apple-website.html