Darren Pauli (via Ole Begemann): “After we received no serious reply, we released the data,” Mejri told El Reg in an email. Apple did not respond to a request for comment, and it’s not clear if the vulnerability has been addressed. In a nuthsell, the bug works like this: you change the name of your … Continue reading App Store Invoice JavaScript Injection